Category Archives: Corporate Fuckery

Xfinity/Citrix Data Breach

I guess the new standard for companies handling their data breaches is to tell you it happened, telling you what bullshit measures they are doing to not-really rectify the situation, pushing the burden onto you to mitigate the damage of their fuckup, and not apologizing for the fuckup at all.

I’m no data security expert, but it seems to me that the birthdays, SSN digits, and secret questions/answers could have been hashed, and that would have significantly mitigated the potential impact of the breach.

Postmeds Data Breach

I received a letter in the mail today regarding a data breach that occurred between August 30, 2023 and September 1, 2023.  The breach may have included names and prescription information, including possibly the medication type, demographic info, and the prescribing physician.

Did you get this letter and have never heard of Postmeds too?  Well, Postmeds is either now known as or is doing business as TruePill…and if you use Mark Cuban’s Cost Plus Drugs (which I still highly recommend), TruePill is one of two companies contracted by Cost Plus to fill prescriptions.  And now you know how you got exposed.

What is Postmeds doing about the breach?  Improving their security, training their employees in cybersecurity threats, regretting the inconvenience, and otherwise telling us to fuck off.  They couldn’t do us the courtesy of telling us how this information could be used to compromise our security–and how to guard against that–because that would be admitting the potential ramifications of this breach.

And I’m grateful that I’m not on medication for any embarrassing medical conditions.

BlueShield of CA Contracting out Telemedicine Services to Teledoc, who Employs a Physician Indicted for Telemarketing Medicare Fraud Conspiracy

Well, this is concerning.  A member of my family had a Teledoc appointment with Dr. David Antonio Becerril, who was indicted on “sixteen counts of conspiracy, fraud, and false statements in connection with Dr. Becerril’s participation in a telemarketing health care fraud scheme”.  I’m all about second chances, but I’m not a fan of my healthcare being in the hands of someone who has allegedly a clear preference for money over my health outcomes.  Oh, and the doc fucked up my family member’s prescription too.

Shame on Blue Shield of California for trusting Teledoc, and shame on Teledoc for improperly vetting their healthcare providers.  This is what I get for my $860/month health insurance (after a 20 fuckin percent increase in the upcoming year, after a 15% increase last year).

Capital One Virtual Cards could be perfect if they weren’t so dumb

Capital One has a nifty feature called virtual cards–these enable you to generate unique credit card numbers, expiration dates, and CVC codes that you can provide on an individual basis to each vendor you transact with (or at least the ones that will accept just a card number–not a physical card–like your online vendors).  You can have one virtual card for Amazon (ugh), another for Uber (ugh vomit), etc.  Each virtual card is associated with an actual physical card.

If Amazon suffers a data breach, then you only have to cancel the virtual card assigned to Amazon–at least that’s the way it should work.  But for some idiotic reason, Capital One will cancel your physical credit card whenever its associated virtual card is compromised–and it seems that you have to fight for them to not cancel all other virtual cards when one virtual card is compromised.

I’m not a IT security expert, but this makes no fuckin sense to me.  I attempted a purchase from a website using a virtual card on Sunday.  Turns out it was a scam site, and that one virtual card number was compromised.  The scammers had access neither to the physical card credentials nor any of the other virtual cards.  But instead of merely deleting my compromised virtual card, Capital One canceled my physical card, and I can’t use it or any of my virtual cards until the new physical card arrives.

Their own damn website (see link above) promises better:

This is the second time this has happened to me this year–it’s a total waste of time for Capital One customers, a complete waste of time for Capital One employees, and a demonstration of absolutely idiotic policy-making at Capital One.

Attempting to Get to the Root of Spam Calls

I recently upgraded my T-Mobile plan, during which I learned about their Scam Shield app.  Scam Shield gives you an overview of your incoming calls, along with the ability to perform a reverse number lookup, which will tell you the company that handled the origination of the call.  Almost all of my spam calls were via VOIP and I’ve been attempting the likely futile effort of going after the spammers by reporting abuse to their VOIP carriers.  So far, I’ve been able to stop these repeated calls from a specific pair of phone numbers that were handled by Twilio.  So…if you wish to join me in this Sisyphean quest, get Scam Shield and then report these numbers to the spammers VOIP carriers.  Here’s a link to the various abuse reporting pages:

  • Bandwidth
  • IP Horizon – no link because these asshats don’t have a means to report abuse.
  • Onvoy
  • Twilio

Canceling the NY Times

It’s 2020 and you cannot cancel your subscription to the NY Times online.  Whereas a simple button would do the job, these asshats make you make a call, text, or chat with a “customer care advocate”.  Forget all the reasons why one should cancel their subscription, this is a prime example of corporate journalism bullshit.  FYI…you can email customercare@nytimes.com and potentially get this done with a single email.