Here’s another good example of corporate cluelessness.
Apparently, in an attempt to recycle paper, the Boston Globe and the Worcester Telegram & Gazette, both subsidiaries of The New York Times, sent out credit card data on possibly as many as 240,000 subscribers. The credit card data was printed on paper, which was then recycled internally and used for printing the routing slips attached to 9,000 bundles of newspapers sent to retailers and carriers last weekend, according to the newspapers.
There are articles about this story at CNN, Emergent Chaos, The Network Security Blog, and MSNBC. I’m glad to see that even the Boston Globe has an article about it on their website, along with a message from the publisher.
This is one of the very few recent data breaches that was non-electronic, which didn’t require dumpster diving of any sort. It appears to be the result of a very poorly thought out paper recycling initiative by what I’ve read.
Of course, any report has to be examined to see if there is any potential bias by either the people funding the research or writing the report. In the case of this report, it was partially funded by Visa and Wells Fargo, which may mean that it may not be all that unbiased.
Update: According to Slashdot account and routing information for 1,100 subscribers who paid by check was also released.