Sprint had their data leaked by an employee. From the letter:
“It appears this employee may have provided customer information to a third party in violation of Sprint policy and state law. We have terminated this employee. The information that may have been compromised includes your name, address, wireless phone number, Sprint account number, the answer to your security question, and the name of the authorized point of contact on your account.”
My question is, why did they even have access to the security question? Why can’t they type it in, and like password verification, have the system tell them if it matches? This would limit the amount of people who this info could be used against to only those that the employee spoke too.
You must log in to post a comment.