Radio Shack Sued for Exposing Customer Info

The State of Texas has charged electronics retailer Radio Shack with violating state identity protection laws, claiming the company dumped thousands of customer records behind a store near Corpus Christi, possibly exposing consumers to identity theft.

Attorney General Greg Abbott leveled two charges against the Fort Worth-based company this week, including violating provisions of the state's 2005 Identity Theft Enforcement and Protection Act, which requires the proper destruction of clients' sensitive personal information.

This, the most serious charge, carries a penalty of up to US$50,000 for each violation.

Abbott also charged the company with violations under Chapter 35 of the state's Business and Commerce Code, which requires firms to develop retention and disposal procedures for their clients' personal information, according to the attorney general.

The second charge carries a penalty of up to $500 for each abandoned record.

Tossing Records

Around March 21, Radio Shack customer records and receipts were allegedly tossed into a dumpster behind the store, exposing customers to identity theft. The documents contained names, addresses, Social Security numbers and credit card information.

The consumer electronics chain operates around 4,500 stores throughout the country.

The attorney general called identity theft "one of the fastest growing crimes in the United States" and said Texans have a right to expect their personal information to be protected.

"The Office of the Attorney General will take all necessary steps to ensure that consumers are protected from identity thieves," Abbott said.

Isolated Incident

Radio Shack is not denying the transgression occurred, but says it is an unfortunate and isolated incident that does not reflect how the retailer handles sensitive information in general.

"Radio Shack takes seriously its obligation to maintain and safeguard all company records, especially when they contain a customer's nonpublic information," said Eve Schmidt, an area vice president for Radio Shack.

In this isolated instance, the store did not act in accordance with its policies. "However, we moved quickly to reclaim and secure those documents," Schmidt added.

Identity Theft in All Corners

The problem of identity theft comes in many forms, from computer hackers swiping information from supposedly secured systems to crooks "dumpster diving" for printed credit card receipts.

Identity theft comes in many forms and the list of companies and organizations reporting breaches has increased dramatically, too, Rob Ayoub, an industry manager of network security at research firm Frost & Sullivan, told CRM Buyer.

The financial and other damage from identity theft and security breaches has increased, as well, he said. For example, retailing giant TJX recently revealed at least 45.7 million customer credit and debit card numbers were stolen by hackers.

In addition, there also have been a number of large-scale breaches, including the disappearance of back-up tapes containing the Bank of America (NYSE: BAC) credit card information of 1.2 million federal workers and the theft of personal information from 98,000 people in the University of California, Berkeley alumni system.

"The problem is growing but the increase is due to more than just one factor," Ayoub noted. Other factors include a greater public awareness of the issues involved, and the law -- increasingly, stiffer penalties await companies that do not readily disclose security breaches.