Data mining as a security measure?

January 5th, 2014

Los Angeles Times reporter David Lazarus, prompted by a tip-off from a reader, tried registering with a UPS service that offered more control over parcel delivery schedules and found that UPS already knew quite a bit about him and his family:

In my case, UPS wanted me to name the city I'd formerly lived in. San Francisco, where I resided before moving back to Los Angeles, was on the list.

The next one was a trick question. It asked me to name the street I'd once lived on or "none of the above." The answer was "none of the above."

The third question asked me to name the city I'd never lived in. The list included three Connecticut cities I'd never visited and the one where I was born. Since you could pick only one answer, I picked "all of the above."

The UPS site then said it would need more information to verify my identity and asked for my birth date. Maybe this was just a glitch. Or maybe it was a sneaky way to get me to cough up this most important of data points.

I provided my birth date and was presented with a trio of much more specific questions. The first asked the month that my wife was born, and it included both the correct month and her full name.

The second one again identified San Francisco as my former home. The third question included the street in San Francisco that I lived on.

Like Miller, I was completely creeped out.

I'm not sure what's creepier about this: the notion that data mining lets companies know this much about potential customers, or the idea that they might have gathered incorrect information and there's no practical way for me to correct it because I don't know where they got it from.

[Via RISKS Digest Vol. 27, Iss. 65]

This entry was posted on Sunday, January 5th, 2014 at 22:34. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.