No it is not ok to email me my Credit Card Number…

This is a copy of an actual email I had to send today…  I guess there are still a lot of people out there that do not understand the perils of the internet.

[Name removed] –

Good evening.  Thank you for emailing the rental confirmation:  however, I am surprised and disappointed that the image attached to the confirmation email contained the credit card number we used to book the rental property.  By trade, I am an information security technologist – I protect computer systems and data assets from digital theft.

Your email to my wife provided everything necessary for a digital thief to not only commit fraud against my credit card company, in my name, but it also encourages identity theft, as you included personally identifiable information and financial information within the attached image.

Unless very specific precautions are taken, email is an insecure medium and it should be assumed that the contents of email are made publicly available on the internet.

As a secondary example to underline the importance of discouraging the emailing of sensitive information, you accidentally misaddressed the email (sent to *******@******.com rather than ******@*****.com).  While the email was still redirected to a domain I have ownership in, because of my specific configuration, the email could have just as easily, sans my configuration, resulted in a scenario where my credit card was sent to some random person somewhere out on the internet.

As a necessary precaution, I now have to cancel my credit card, get a new card reissued, and go through the long and time consuming process of updating all my billing relationships – a set of tasks I had not planned on spending my evening completing.

I would recommend, in the future, that the practice of emailing sensitive information (such as credit card numbers) be eliminated from HOA procedures.

Thank you.