Tuesday, October 24, 2017

No Dark Web Required

What happens when you spend hours begging with two major companies to stop sending you someone else's personal information?

You waste a few hours of your life that you'll never get back.

Is this some kind of not-s0-funny riddle? 'Fraid not.

It's Halloween time and yet I'm writing a serious post today. Know why? Because sometimes there's nothing quite as scary as real life. And I'm not even talking about Trump this time.

It started with an email from Sears about my credit card. Except I don't have one. As I looked at the email I saw that the card belonged to someone else. It's an error, or maybe spam. I deleted the email.

Over the next few days more emails came in about my account. I realized that it's not spam, someone's account has been associated with my email address, and I was getting her personal financial information. Not only that, but the email invites me to manage her account by registering online using my email address. Whoa. In this day of rampant identity theft, I knew that Sears would want to rectify this issue so I responded to the email explaining the error and asking that they delete my email from association with this woman's account. 

A major retailer and a major credit card company won't stop sending someone's personal information to someone else | www.BakingInATornado | #fraud #finance

I expected accolades, quite honestly, a "thank you for your honesty and time in bringing this to our attention". 

Just call me delusional.

The emails kept coming. There was a phone number for Sears and, in an abundance of caution, looked the number up myself and called. Once I finally got a person on the line, I explained the situation to her. And the next person, and the person after that and the person after that. I was put through to department after department, all saying the email was not generated by them. 

I requested the assistance of a manager. I shouldn't have to, but I explained how dangerous it is to be sending someone's full name and credit card information to someone else. I want someone to go in to this person's account and delete my email address. Or call her and confirm that my email address is not hers. Over and over I was told that they do not have access to her account. 


The most I could get from them is that I can "unsubscribe" from the emails, which should stop most of them.

But there's another issue here as well. As much as this person would not want me getting her personal information, I also do not want my email associated with her credit card accounts. I want the connection between her and my email address severed. I got nowhere.

Light bulb moment. Social media. I sent a private message to Sears' facebook page. Again I explained that they are putting their customer in jeopardy. I even sent them a page capture of my email with her personal information. They answered right away. Unfortunately they put it right back on me, telling me to call Citibank. 

To continue banging my head against a brick wall or to just give up, that is the question . . . 

Yeah, I called Citibank and all I can say is "second verse, same as the first". I explained the situation to person after person, department after department. Ever heard of credit card fraud? Identity theft? Any of these words mean anything to a multinational financial services company?

Trying to think of any angle, I asked them to look at my account, as I have one with Citibank, and see that the same email address is associated with both accounts, asked them to call her. They claim that they do not have access to this woman's account information, nor mine. I held while they contacted their IT people to see if they could access company email lists but they claim that isn't possible either. 

I can guarantee you that if this woman did not pay her bills they'd find a way to contact her. Probably through my email, won't that be fun?

I asked about their fraud department. For some reason I couldn't talk to them but was given a Citibank Fraud email address. I sent an email forwarding one of the emails I'd received with this message:

A major retailer and a major credit card company won't stop sending someone's personal information to someone else | www.BakingInATornado | #fraud #finance

This is the gist of the automated response (really? fraud gets an automated response?). Citibank thanked me for reporting the fraud (yay), said that they look into every issue reported to them (yay), but do not respond to people individually (why not, don't you think after their efforts they deserve resolution?). Oh and btw, this email address is only for, and we only investigate reports of, people sending out phishing emails fraudulently claiming to be Citibank (so screw us, it's all about you . . . got it!).

A major retailer and a major credit card company won't stop sending someone's personal information to someone else | www.BakingInATornado | #fraud #finance

In extreme frustration I did unsubscribe. Yes, it smacks of "if I don't see it, it's not happening" and no, I don't believe that. Didn't stop the emails either, btw. 

And in extreme frustration I have been forced to accept that my email address remains linked to someone else's account. There could be future ramifications but neither Sears nor Citibank seems to care about the fact that they are actively complicit in enabling the possibility of fraud.

Is your personal information going from a major retailer or a major credit card company to a stranger? Could be. 

Will the recipient use it? Conceivable.

Will they try to rectify the error to no avail? Possibly. 

Happy Halloween. Are you scared now? You should be.

One final note to the person whose personal information I have erroneously received, continue to be sent and will apparently have to deal with in perpetuity, let me say this: sit back, have a cupcake, relax, you're lucky it's me, your information safe.

Daddy Long Legs Halloween Cupcakes, a fun Halloween treat. Vanilla cupcakes with vanilla frosting decorated with candy for that spider look. | Recipe developed by www.BakingInATornado.com | #recipe #Halloween

Daddy Long Legs Halloween Cupcakes

Baking In A Tornado signature | www.BakingInATornado.com | #MyGraphics

 Daddy Long Legs Halloween Cupcakes

Printable Recipe

1 box (15.25 oz) of yellow cake mix and the ingredients called for on the box
1 tsp vanilla

1 can of whipped white frosting
1 tsp vanilla
2 drops red food coloring
4 drops yellow food coloring

18 - 24 small round caramel filled chocolate candies 
36 - 48 candy eyes, mini nonpareils or mini M&Ms
1 package pull 'n peel twizzlers, strands separated

*Fill 18 (for larger cupcakes) or 24 (for smaller cupcakes) cupcake tins with paper liners. Preheat oven to 350 degrees.
*Make the yellow cake according to box directions, adding a tsp of vanilla.
*Bake the cupcakes (about 15 - 19 minutes, until the center springs back to the touch. Cool completely.
*Mix the frosting with the food coloring and remaining tsp of vanilla.
*Place about 2 TBSP of the frosting into a small (snack size) sealable bag. Make a very small snip in the corner. Set aside.
*Place the rest of the frosting in a larger (sandwich size) sealable bag and snip the corner. Pipe frosting onto the cupcakes.
*Place the center of 4 twizzler strands onto the center of each cupcake so the "legs" drape down the sides.
*Using the frosting in the snack size bag, place a small dollop of frosting onto the center of the twizzler "legs" and top each with a chocolate caramel candy.
*Last, pipe a dot of frosting onto the back of each "eye" and attach 2 to the side of each chocolate caramel candy.


  1. Karen, Citibank would be regulated by the New York Department of Financial Services. This is the NY regulatory agency for banks, and I can tell you that they can be quite responsive to consumer complaints. I would, if you have the stamina for one more phone call or website search, contact them. It may not matter that you don't live in New York, as Citibank does business in New York. On their website is a page for consumer complaints. In light of the Equifax breach, their Department is quite sensitive to the issue of cybersecurity. If you do do this, I hope you will report in your blog what your experience is. As a resident of New York, I hope it is a good one. And THANK YOU for being a good citizen and a good person. Alana ramblinwitham.blogspot.com

    1. I actually tried tweeting the House Financial Services committee but no response. I will look into the NY Dept Financial Services, see if I can get a complaint in to them. Thank you.

  2. Bloody hell maybe you should have gone to the local news about it the bad publicity might make someone take notice because this is so bloody wrong and frustrating.

  3. Good grief. No wonder Sears is going under!
    Citibank is obviously next!

    1. It truly has been a lesson for me in why things are as bad as they are. I had no idea.

  4. Holy mackerel!! I've had similar situations in the last few years. Funny how they claim to protect our privacy but as soon as they mess up, it is up to us to fix or ignore. And yes, you can bet your sweet bippy that if she doesn't pay, they will contact her or you or both. Oy!
    Adorable cupcakes by the way.

    1. After trying to deal repeatedly with both companies I can say for a fact that they do not care about an individual's security at all. Sad. And scary.


Warning: Comment at your own risk. I have Comment Moderation, meaning I approve all comments before they show up here. So go ahead, I'm not scared!