The social financial networking site Blippy.com is getting an expensive pubic relations lesson on the importance of keeping customer’s credit card numbers sacred. On Friday, MainStreet reported that four Blippy customers had their credit card numbers exposed via a simple Google search. Here’s what went wrong, and what consumers can take away from the experience.
Sure, it’s only four customers out of thousands who were exposed to potential card fraud, but who among us would like to switch places with any of them?
While consumer advocates are taking to their blogs and Twitter pages to display their outrage, Blippy is downplaying the data leak. Most news accounts played up the “easy access to private data” angle, noting that for a good chunk of that Friday, anyone could access the four customers’ credit card numbers on a simple Google search. Available to trollers were card customer transactions, including location, date of purchase and, most worrisome, the customer’s credit card number.
For a detailed account of the company's side of the story, check out Blippy's blog.
One critical misstep, though, is described by Blippy’s co-founder and CEO Ashvin Kumar on the Blippy blog, which was dated April 26 at 1:22 a.m.
“Naturally, when users learned of the issue this weekend, some wanted to disconnect their credit card accounts or delete their entire user account. At the same time, Blippy’s servers had been under increased load due to the media attention. This resulted in many failed requests to delete accounts because we had not invested sufficiently in making our account deletion process as programatically efficient as it could be.”