AOPA ratting me out

[Sundancer]

Dang, I actually like AOPA; the magazine is good - I really like the photography and the snippet about a different used airplane each month. . .

But they sent me a "Birthday" greeting the other week. . .automated, of course. On my birthday.

In effect announcing my DOB on un-encrypted email. I jumped on, griped at 'em, and changed my DOB to the standard 1/1/1900 I use everywhere else. No clue why I had missed that on my AOPA account.

Someone(s) gonna pipe up about how "all our data is compromised"; it's not that cut and dried of course, and the nuance, breadth, and context matters a bunch. Just expected better from AOPA

 

[RyanB]

Maybe I’m missing some kind of not so obvious joke here, but I don’t see why that is so concerning to you.

 

[NoHeat]

Maybe I’m missing some kind of not so obvious joke here, but I don’t see why that is so concerning to you.

Maybe Sundancer is cautious about identity theft. I would be, too.

I think AOPA has no business asking for my birth date. Or SS number. Or anything like that. So giving them a bogus number is the right thing to do.

Edit: I just checked my account, and it appears to me that one can omit the birth date altogether. They just don’t make it obvious that’s so.

 

[ZeroPapaGolf]

Most websites ask for your birthdate when you register as part of COPPA compliance (more accurately, to show that their users are all 13+ and not applicable to COPPA). https://en.m.wikipedia.org/wiki/Children's_Online_Privacy_Protection_Act

 

[RyanB]

Maybe Sundancer is cautious about identity theft. I would be, too.

Identity theft requires more than just a name and birthdate.

 

[Let'sgoflying!]

and changed my DOB to the standard 1/1/1900 I use everywhere else. No clue why I had missed that on my AOPA account.

Aren't you afraid no one will believe you are that young??

 

[GRG55]

Identity theft requires more than just a name and birthdate.

But it's a place to start.
And that's the problem.
One of my partners was a victim of this. He found out when he tried to file his income tax return. And once someone has your SSN you are vulnerable for life.

 

[GRG55]

...my DOB to the standard 1/1/1900...

That would mean your Dad might have bought tickets and taken you to see the Wright Bros when you were three.

 

[Sundancer]

Identity theft requires more than just a name and birthdate.

I could write a book; or share a lengthy paper; truly, I am fully aware of the data and mechanisms involved. DOB is part of the picture, and a quite valuable one. It was just a sloppy, unnecessary act by AOPA, surprisingly so for a membership organization.

I generally don't share my PII via web sites, and AOPA doesn't require you to register that way. Annoyed with myself that I, at some point in the past, plugged in a my real DOB, which I don't usually do. Been a member a long time, maybe it was back then.

 

[RyanB]

But it's a place to start.
And that's the problem.
One of my partners was a victim of this. He found out when he tried to file his income tax return. And once someone has your SSN you are vulnerable for life.

Understood. You know as well as I do, that with just a Google search, one can discover a scary amount of information about any one person, by only having small bits and pieces about them to begin with.

Point is, I really don’t feel that this instance in particular is making anyone more vulnerable to an identity theft than anything else. If that’s the case, any of us who are AOPA members are under the scope too.

 

[RyanB]

I could write a book; or share a lengthy paper; truly, I am fully aware of the data and mechanisms involved. DOB is part of the picture, and a quite valuable one. It was just a sloppy, unnecessary act by AOPA, surprisingly so for a membership organization.

I generally don't share my PII via web sites, and AOPA doesn't require you to register that way. Annoyed with myself that I, at some point in the past, plugged in a my real DOB, which I don't usually do. Been a member a long time, maybe it was back then.

I wouldn’t sweat it, honestly. You’re not alone in this.

 

[Sundancer]

That would mean your Dad might have bought tickets and taken you to see the Wright Bros when you were three.

Yeah, wouldn't it?

Validation and edits on most modern software apps is pretty stupid; see that kind of "tolerance" much more now than back in the green-screen days; getting the data seems to satisfy the requirement - it doesn't have to be high-quality, just meet the schema rules. Mostly it works (1/1/1900) when I have to use it. If not I just run it up a few years.

 

[Sundancer]

I wouldn’t sweat it, honestly. You’re not alone in this.

Oh, not worrying overly much, I know the odds of it having an impact are low; like the old joke between bow hunters: "I don'.;t have to outrun the bear; I just have to outrun you".

 

[SoonerAviator]

Wow, I don’t think I’d have given it a second thought if I got a Happy B-Day email, lol. It’s not like they threw your SSN, address, and mother’s maiden name out there.


Sent from my iPhone using Tapatalk

 

[chartbundle]

I get quite a number of happy birthday emails from websites, typically January 1st, April Fools Day or May Day.

 

[RyanB]

I get quite a number of happy birthday emails from websites, typically January 1st, April Fools Day or May Day.

So do I. Now that I think of it, I believe there is a place at the bottom of those emails that allows you to opt out of them, if it bothers you bad enough.

 

[RJM62]

I could write a book; or share a lengthy paper; truly, I am fully aware of the data and mechanisms involved. DOB is part of the picture, and a quite valuable one. It was just a sloppy, unnecessary act by AOPA, surprisingly so for a membership organization.

I generally don't share my PII via web sites, and AOPA doesn't require you to register that way. Annoyed with myself that I, at some point in the past, plugged in a my real DOB, which I don't usually do. Been a member a long time, maybe it was back then.

The time prior to the most recent time my identity was stolen, I attended a class about how to prevent identity theft. I suppose it's pointless now that the Equifax breach has everyone's PII out on the street, but giving a phony DOB to Web sites that have no legitimate need for it was one of the suggestions.

Rich

 

[flyingron]

The happy birthday email is a function of the vBulletin forum software. I run another site that uses it and it's amazing how many people send back thank you messages thinking that these were manually sent (They even come from a user "Otto Matic" on our system.).

 

[wrbix]

Oh.....and Happy Birthday, by the way

 

[MauleSkinner]

It was just a sloppy, unnecessary act by AOPA, surprisingly so for a membership organization.

Of all the reasons people give for leaving AOPA, this was mine. If they treated the people they're lobbying to with the same lack of attention they treat the people they're supposedly lobbying for, they'd have zero effectiveness.

 

[Ken Ibold]

Of all the reasons people give for leaving AOPA, this was mine. If they treated the people they're lobbying to with the same lack of attention they treat the people they're supposedly lobbying for, they'd have zero effectiveness.

If?

 

[paflyer]

Most websites ask for your birthdate when you register as part of COPPA compliance (more accurately, to show that their users are all 13+ and not applicable to COPPA). https://en.m.wikipedia.org/wiki/Children's_Online_Privacy_Protection_Act

Another useless, easily thwarted regulation.

 

[Sundancer]

The time prior to the most recent time my identity was stolen, I attended a class about how to prevent identity theft. I suppose it's pointless now that the Equifax breach has everyone's PII out on the street, but giving a phony DOB to Web sites that have no legitimate need for it was one of the suggestions.

Rich

Yeah, it is out there for most of us - but there is value in some containment; like an airport fence isn't a cure all for avionics thefts; nor is good ramp lighting, or the occasional pass by a rent-a-cop, or gate alarms. But at some point, the preponderance of all these measures does make one airport less appealing than another for a thief.

Not every bad actor will have access to the Equifax theft, for example. Might not have the money or contacts to buy it. So, yeah, I'm hosed by Equifax (and the VA, OPM, Home Depot, DoD, Target, mortgage company, etc.) - but there is still some good effect from doing things to reduce the further spread of your info.

Froze my credit long ago, don't use a debit card in retail stores or online, nil info by phone unless I initiated the call, and I may "accidentally" transpose numbers in my SSN when it suits me. Lot of other actions help - it's a shame such are necessary; eventually civil penalties might help - I wonder if Target or Equifax would have been as cavalier with a $1 or $10 per person fine hanging over their heads. I think Equifax was in the 130 million range? Can't recall, but it would have been a big bite.

 

[RJM62]

Yeah, it is out there for most of us - but there is value in some containment; like an airport fence isn't a cure all for avionics thefts; nor is good ramp lighting, or the occasional pass by a rent-a-cop, or gate alarms. But at some point, the preponderance of all these measures does make one airport less appealing than another for a thief.

Not every bad actor will have access to the Equifax theft, for example. Might not have the money or contacts to buy it. So, yeah, I'm hosed by Equifax (and the VA, OPM, Home Depot, DoD, Target, mortgage company, etc.) - but there is still some good effect from doing things to reduce the further spread of your info.

Froze my credit long ago, don't use a debit card in retail stores or online, nil info by phone unless I initiated the call, and I may "accidentally" transpose numbers in my SSN when it suits me. Lot of other actions help - it's a shame such are necessary; eventually civil penalties might help - I wonder if Target or Equifax would have been as cavalier with a $1 or $10 per person fine hanging over their heads. I think Equifax was in the 130 million range? Can't recall, but it would have been a big bite.

I got caught up in most of those breaches as well, and I've also frozen my credit. I still use debit cards on occasion, however. I think the risk is way exaggerated, especially if the cards are chip-equipped. As far as I can tell from what I've read, it would be really, really hard to steal and clone a chip-equipped debit card number.

Before the chips became the norm, several of my debit cards were compromised. It never took more than a minute -- literally -- for the issuers to credit the money back to my account once I notified them of the fraudulent purchases. I still stopped using them anyway until they got chips; but now that they have them, I'll use them if it's more convenient.

One thing I won't use is magstripe terminals. If a store doesn't have a chip reader, I shop elsewhere.

Rich

 

[Lachlan]

Quietly Googling “Name: Sundancer. Date of birth: the other week. Primary residence: PofA board.”

...



...


Nothing yet...

 

[Noah Werka]

For you older pilots and CFIs, think if how many times you used your pilot certificate number for something or how many log books you endorsed with your CFI number. At one time your certificate number was your SSN. Your SSN has been comprised and public knowledge for years.

Noah W

 

[J4000]

Interesting that some folks have identify theft problems; while I doubt I'm alone at age 58 in saying I've never had mine stolen. I just wonder if there are certain types of financial dealings that make one more prone to identity theft than others?

 

[ChrisK]

Pandora's box is open. If you want to protect against identity theft, pay for credit monitoring.

 

[TCABM]

One thing I’ve noticed is the people I know who have been a victim of ID theft have one trait in common: Facebook and other social media presence. They’re pretty open with their info on the web. While not causal, I think your web presence may be a contributing factor.

Until 2013, you couldn’t put my face to a name using the most common search engines. Then, DoD put my face to name and broadcast it to the world in an interview I gave.

Since that made the web, the occurrences of scams targeting me have skyrocketed.

 

[James331]

I'm normally quite concerned about such things, but really?? Lol


Also why did you give them your DOB in the first place.

Do you also have your wife and family trained to only send birthday greeting in SHA-2 encrypted messages lol

 

[NoHeat]

Pandora's box is open. If you want to protect against identity theft, pay for credit monitoring.

Monitoring is better than nothing. Freezing is better. But neither will stop all identity theft. They do not prevent a bogus tax return filed in your name to claim a refund. Or a bogus claim on your medical insurance.

 

[ChrisK]

Monitoring is better than nothing. Freezing is better. But neither will stop all identity theft. They do not prevent a bogus tax return filed in your name to claim a refund. Or a bogus claim on your medical insurance.

True but the IRS increased protections a bit last year. Hope they work!

 

[SkyDog58]

For you older pilots and CFIs, think if how many times you used your pilot certificate number for something or how many log books you endorsed with your CFI number. At one time your certificate number was your SSN. Your SSN has been comprised and public knowledge for years.

Noah W

LOL. The pilots have nothing on the older A&P Mechanics when it comes to the number of times they wrote their SSN in logbooks and other maintenance records.

 

[X3 Skier]

After OPM gave my life history from my Security File to the Chinese and God knows who else, I don’t see any possible way to try and protect my identity.

I’ve had a few credit card frauds hit me with basically zero impact except waiting for a new card.

Cheers

 

[ChrisK]

After OPM gave my life history from my Security File to the Chinese and God knows who else, I don’t see any possible way to try and protect my identity.

I’ve had a few credit card frauds hit me with basically zero impact except waiting for a new card.

Cheers

I think a lot of us got hit by that.

 

[Sundancer]

James, as I said, I usually/usually don't expose my DOB. Was annoyed with myself that I must have done so with AOPA. . .Credit cards aren't much of a problem, other than for the issuer; it's a bigger headache when you buy a new RV and maybe a couple cars, etc. Only you didn't. . .getting that cleaned up is a bigger problem. In the Target debit and credit card hack, I believe it was the POS service provider that was the sieve.

 

[Sundancer]

LOL. The pilots have nothing on the older A&P Mechanics when it comes to the number of times they wrote their SSN in logbooks and other maintenance records.

Bleeech. . .some places still use "last four of your SSN", which is about all you need to figure out the first three and middle two.

 

[Tarheelpilot]

For you older pilots and CFIs, think if how many times you used your pilot certificate number for something or how many log books you endorsed with your CFI number. At one time your certificate number was your SSN. Your SSN has been comprised and public knowledge for years.

Noah W

Who you calling old :-/

 

[BigBadLou]

and changed my DOB to the standard 1/1/1900 I use everywhere else. No clue why I had missed that on my AOPA account.

Aren't you afraid no one will believe you are that young??

Funnily enough, some webpage creator monkeys actually prevent us from setting 1900 as our YOB. The reason escapes me. But maybe, just maybe, because they really do not believe that anybody can be 118 years old. The earliest YOB they allow is 1906. Go figure. Either a strange arbitrary number they picked or a complicated effort to query some DB somewhere for the age of the oldest person alive and then a quick subtraction from current year.

Just expected better from AOPA

Not really sure why. I've learned in the past that their privacy concerns are pretty low. With them using external websites to track our emails, links and clicks etc. One of many reasons I left and did not return.