Friday, May 1, 2009

DebtGoal: How big can a 'glitch' be and still be a 'glitch?'

Today I was shocked to learn that in the past month I've made zero progress towards paying off the balance on my Target Visa card, which sits at a whopping 20% interest rate.

Mostly, I was surprised because I've never had a Target card. I've also never had a credit card with a 20% interest rate. I'm sure you can imagine my shock!

That said, I'm sure someone else was even more surprised when they opened their DebtGoal statement and discovered that they owe USAA the cost of roughly one month in Africa plus airfare for three. (Sometimes I still surprise myself).

As it turns out, a "glitch" occurred in DebtGoal's system that mistakenly sent someone else's statements to "a limited number of users."

Thankfully, DebtGoal doesn't actually collect account numbers, and I didn't receive any identifying information about the person whose statement I received. I communicated with DebtGoal and was told it was an error, which affected only some of their users, and a few hours later received an accurate statement.

It did get me reconsidering though. I leave all of my organizing to the Web. I'm responsible for little file storage or organization of actual "paper" some free Web service is out there for everything. My digital photos are all stored online (presuming this to be FAR more reliable than my hard drive or a DVD my kids are likely to turn into a school construction project).

According to an article from TechCrunch in April, Facebook, Twitter and Google Documents have all recently had similar breaches. I myself have experienced mis-directed Twitter tweets, and even some people have complained of trying to view my profile and getting someone elses' (usually SPAM-intense or otherwise offensive) profile.

Just how much faith should we have in the cloud? What can our providers do to ensure that we won't have our personal information or bank account balances eventually being tied to our google profiles because of some security "glitch."

Which brings me to my last point...someone must distinguish the lines between a security "anomaly," "glitch," "error," "leak," and an all-out "hemorrhage."

Don't be mistaken, I'm not unhappy with DebtGoal, they didn't release sensitive information to me, mostly just confusing. I don't think they even store sensitive data (their structure wouldn't require it). That said, other sites I use regularly do. Sometimes I use a favorite site like Amazon, Paypal or other to see what my credit card number actually is--as I shredded it a few months ago. If they're the only ones that still know my credit card number, I really want to make sure its safe. Exactly how much should we be trusting "the cloud?"

Update: DebtGoal responds to security breach

Jessica Ward is a freelance writer from Seattle. She writes on personal finance, technology and family. To learn more, visit or follow her on Twitter at @jessc098


JessicaW said...

I just saw this article about how Twitter had unauthorized access and the details of 10 users exposed.

Kelly said...

It's definitely scary and everyone should be smart about giving up personal information (especially banking info!!) when joining new web sites. Howevr, it can (and does) happen to ANYONE, so we should all be willing to forgive the occasional "glitch" so long as it was clearly unintentional and managed by the company responsible (which in this case, sounds like it was)

joellefko said...

Wow that is REALLY scary. This site could very well be a fly by night type of operation. Web has always given the little guys the ability to represent a much bigger stronger operation.

Commercial Finance

JessicaW said...

Debt Goal has sent a really good response, which I'm going to post today as a separate post. Thanks.


Birdie said...

WOW! Thanks for the heads up! I had considered a different financial online organizer but decided against it for just this reason. Now I'm really glad. Defintely pays for us to be very cautious, that's for sure :)