More Evidence for Why Security is Up To You.

RadioShack has put 65 million customer names, addresses and 13 million email addresses up for sale in its bankruptcy proceedings. This data is part of the asset list that Radio Shack has submitted to the courts and has actually already auctioned off as part of the proceedings.

As you probably know if you have ever shopped at a RadioShack, the company has always asked for and usually received their customers’ contact information at checkout. Now, part of those bankruptcy assets also includes your phone numbers and your shopping habits and purchasing preferences as well.

The auction winner, Standard General—a hedge fund and RadioShack’s largest shareholder—sounds like an evil corporation right out of central casting. The promising news is that the good guys (aka, the Texas court system) still have to approve the deal, and must consider a couple of legal challenges targeted at the act of turning over customer data.

Texas Attorney General Ken Paxton is arguing that selling the data is flat out illegal under Texas state law. You see, Texas doesn’t allow companies to sell personal information in a way that violates their own privacy policies, and for years the signage in Radio Shack stores clearly stated that “We pride ourselves on not selling our private mailing list.”

AT&T is also a party to this case and they are masquerading as a privacy defender (in the most cynical of ironies) by arguing that Radio Shack is not entitled to at least the personal information it collected from the sales of AT&T wireless service and products. This is of course a poorly disguised attempt to prevent the personal information data from falling into a competitors’ hands – like maybe Sprint for example, who is also arguing that they should be allowed to co-brand Radio Shack stores as Sprint locations.

There is Federal judicial precedent for allowing customer data to be auctioned off in bankruptcy proceedings, as the Federal Trade Commission in 2011 allowed Borders Books to auction personal data based on the same privacy policy extant in the Radio Shack case..

In another unrelated case, all that personal data you supplied or verified with Experian when you were referred over to them following the Target data breach has also been compromised. I am assuming that you were one of the 110 million Americans whose PI was stolen from Target. If not, then good for you. If so, then you should realize that there is a high likelihood that your personal information is now in the hands of black market dealers. As you probably know, after the Target breach, they recommended their victims to a free one year program for identity theft protection through the Experian credit bureau.

Just prior to that referral program, Experian had its own breach and lost (unspecified) millions of names, addresses and social security numbers to a hacker who struck again after the program was in place. It took U.S. Secret Service agents to bring Experian’s attention to the breach. Experian denies any knowledge of the attack, but sources say a Vietnamese hacker has been selling this data to identity thieves around the globe.

Since Radio Shack essentially doesn’t exist anymore, I suppose its okay for them to renege on their promise to keep your data to themselves, but are you really willing to share this sort of information in the future? Since it is clear that you can never be sure where your data will end up, it might be a good idea to keep it to yourself. The most effective security protection system for your employer’s data and for your personal information is … YOU.