Complain about a product or service

Texas Sues CVS for Dumping Customer Records

By Martin H. Bosworth
ConsumerAffairs.com

April 19, 2007

Identity Theft • FTC Proposes Ways to Reduce Identity Theft • "Underground Economy" for Crime Thrives, Report Says • Feds Issue New Identity Theft Recommendations • Identity Theft: One Woman's Story, Eight Months Later • Consumers Cautioned About Voter Registration Scams • Young Adults Seen As Prime Identity Theft Targets • Researchers Find Security Flaws In Online Banking Sites • 'Red Flags Rules' for Identity Theft on the Way • Identity Theft: One Woman's Story • Xbox or PC Stolen? Don't Forget to Cancel Your Credit Cards • Identity Theft a Growth Industry in Texas Border Towns • FTC Warns Consumers About Tax Rebate Scams • Big Banks, Telcos Top Identity Theft List • Identity Theft Tops FTC Complaint List Again • Study Claims Identity Theft 'Continues To Decline' • 650,000 Retail Customers Exposed In Data Breach • Children Becoming Prime Identity Theft Targets • FTC Finds 8 Million Identity Theft Cases • New Jersey Wants Banks to Help Fight Phishing Scams --- • More ...

If there's one thing Texas Attorney General Greg Abbott doesn't like, it's careless data disposal. Abbott's latest target is CVS, over the dumping of hundreds of customer data files behind a store in Liberty, Texas. The information included names, addresses, Social Security numbers, prescription information, and credit and debit card numbers.

Abbott's office posted redacted scans of the recovered information on its Web site, displaying receipts and forms full of personal information. Abbott's office is investigating if any of the information may have been used for identity theft or fraud.

"Identity theft is one of the fastest growing crimes in the United States," Abbott said in a statement. "Texans can rest assured that we will continue aggressively cracking down on vendors who jeopardize the confidentiality of their clients' sensitive information."

CVS is charged with violating Texas' "Identity Theft Enforcement and Protection Act" of 2005, under which businesses can be charged $50,000 for each potential violation. In addition, Abbott accused CVS of violating Chapter 35 of the state's Business and Commerce code, which requires businesses operating in Texas to develop and maintain procedures for retaining and disposing of customer data. Each exposed record could cost the drugstore giant $500.

Radio Shack employees in Portland, Texas who had dumped thousands of customer records behind their store found themselves hit with a similar lawsuit from Abbott's office on April 3.

Abbott had previously campaigned against the posting of Social Security numbers online by Texas county employees, a crusade he lost when Governor Rick Perry signed legislation approving the practice. Abbott was also one of the first state Attorneys General to sue the Sony corporation for selling CDs containing dangerous "rootkit" software that exposed users to potential hacker attacks.

What Your Drug Store Knows About You

CVS and many other store chains gather extensive customer information through their "loyalty card" programs, which they will then often sell and resell to partner companies and third-party marketers, often without the customer's knowledge or express consent.

The information gathered not only presents the retailers with a thorough profile of the customer, but also constitutes a serious identity theft risk if it is not properly safeguarded.

CVS' "ExtraCare" rewards program was at the center of a small privacy breach in 2005 when the anti-loyalty card group CASPIAN (Consumers Against Supermarket Privacy Invasion And Numbering) exposed the ease with which people could obtain a CVS ExtraCare member's shopping history from the company Web site. The breach was shut down after CASPIAN founder Katherine Albrecht documented how someone could get access to any ExtraCare member's buying records just by using their card number, ZIP code, and the first three letters of their last name.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Share		Follow us on Twitter.

Back to the top |