Friday, June 06, 2014
Story obscures possible Star-Advertiser subscriber data breach
by Larry Geller
The headline on the page A21 story in today’s Star-Advertiser, Suspect accused of fraud and other crimes, inspired me to flip the page over and read something else. But then, the words “Honolulu Star-Advertiser billing information” caught my eye because they were just above a bold-face breaker box that stood out.
Police are investigating whether personal information Groy used may have come from the Honolulu Star-Advertiser billing information that was being kept in a storage facility, a source said.
“Groy” is the accused, Sadie J. Groy, now in custody. “A source” is unidentified by the reporter.
A 30-year-old woman using a counterfeit credit card racked up $21,000 in charges during a five-day shopping binge that included a $4,000 purchase at a jewelry store, the victim of her scheme said.
That’s $21,000 presumably from a newspaper subscriber’s credit card account. The use of an anonymous source is especially troubling when the exposed data is from the reporter’s own employer.
If it had been improperly protected Target customer data or yet another data breach at the University of Hawaii, would the paper have obfuscated the clear issue of whether it has protected its subscriber information adequately?
Was the subscriber data (including possibly your data or my data) properly encrypted on electronic media or just stored on paper, plainly readable?
Did the accused ID thief have direct access to the data, or was it provided by a Star-Advertiser employee?
Dear editors: we need to know more than this inadequate story reveals. How about coming clean about how the theft of Star-Advertiser data took place, who is affected, and what measures have been put in place to protect subscribers whose data may have been stolen?
Very concerned about this! My elderly grandmother is a subscriber, and uses credit card to make the recurring payments. I'm worried because she would be really heavily impacted if someone were to charge things in her name. I didn't see this in the paper; the headline just wasn't accurate at all. I heard about the breach on the radio (990 KIKI AM) this morning on the way to work, though.