Chase bank seems a bit too loose with clients’ data

West Hills resident Victoria Afonina works as a computer programmer for a major supermarket chain, so she knows probably better than most people how vulnerable her personal information is once it gets out into the open.

She routinely tells banks and other financial-service providers that they can’t share her information with other companies.

So it came as something of a shock when a letter arrived from Chase bank the other day informing Afonina that her name, address and account numbers were among confidential customer data that had been shared with another business.

Worse, according to Chase’s letter, a file containing the info had been inadvertently posted online for all to see.

And as if that wasn’t troubling enough, the information “was accessed by a non-Chase employee,” which narrows the list of possible suspects to, oh, about 6.6 billion people.


“I was very upset,” Afonina, 44, told me. “I know that it only takes a fraction of a second for someone to copy files that appear on a website.”

The incident serves as a reminder that, in the digital age, no one’s personal information is ever 100% safe. More than 343 million records have been involved in security breaches over the last five years, according to the Privacy Rights Clearinghouse, a San Diego advocacy group.

But the accidental posting of confidential customer data on another business’ website is highly unusual, illustrating the ease with which your personal info can get out there -- even when you specify that you want your records to stay under wraps.

A Chase spokesman, Tom Kelly, declined to provide details of the breach, including the name or location of the other company involved, or how long customers’ data were posted online. He said only that Chase works with the other company to handle some of its mailing.

Afonina said that when she called a Chase customer service rep, she was told only that the incident happened in October. So why did it take about three months for the bank to notify customers?

“We had to match the file to current customers,” Kelly answered. “This was the amount of time it took.”

He declined to elaborate on why a computer couldn’t perform this task in a matter of minutes.

Kelly also declined to elaborate on the “non-Chase employee” who accessed the customer data. Did he work for the mailing company? Is his identity even known?

“It’s a non-Chase employee,” Kelly reiterated. “That’s the level of detail that we’re sharing.”

He said that even though people’s names, addresses and account numbers were potentially exposed to identity thieves, no Social Security numbers were involved.

The file also did not identify the accounts as belonging to customers of either Chase or Washington Mutual, which Chase acquired in 2008, Kelly said. However, this probably would have been known if the person who accessed the file worked for the mailing company.

Kelly said Chase was offering a year of free credit monitoring (using Chase’s own monitoring service) to anyone affected by the breach. But this requires you to provide your Social Security number during the enrollment process -- a no-no for many people.

Afonina said she wants even more protection. She intends to freeze her credit files, meaning that no one could access them without her say-so.

However, this will require a $10 fee (per credit agency) to place the freeze, plus another 10 bucks every time you authorize access to your files.

“This is the best way to protect yourself if your information is released,” Afonina said. “But Chase said they won’t pay for that.”

Kelly said that “given the circumstances of this incident, we don’t think it’s necessary.”

In September, Chase sent letters to an unspecified number of customers informing them that a computer tape containing their personal information had gone missing from a third party’s storage facility. Kelly declined to provide details of that earlier breach.

Not to be rude, but I’m kind of getting the feeling that Chase needs to pay a bit more attention to its business partners. A trend is emerging, and it’s not one that favors customers.

Hit and run

I wrote in November about a Pacific Palisades resident who was left to fend for herself after her car was rear-ended on the 101 Freeway. The other driver, who probably was uninsured, took off after the accident.

The same thing just happened to me.

I was driving last week from Hollywood to downtown on the 101 in stop-and-go traffic when my car got bumped from behind. We weren’t going fast enough for serious harm to be caused, but this was more than a love tap.

There was no way I could exit my vehicle in the middle of the freeway.

So I rolled down my window and pointed to the shoulder of the road, then carefully picked my way across three lanes of busy traffic.

The other car, a white sedan containing what looked like a pair of teenagers, appeared to follow. But when I reached the shoulder, they were gone.

State officials believe the number of uninsured drivers has soared in tandem with sky-high unemployment. Moreover, most insurance companies won’t cover any collision damage if you can’t identify the driver of the other vehicle.

In my case, what this means is a rear bumper with a few bumps and bruises -- it could have been a lot worse.

But I’ll sure think twice next time before looking away from the other vehicle.

David Lazarus’ column runs Wednesdays and Sundays. Send your tips or feedback to