cognitive cybersecurity intelligence

When Leaks Make Hacking Unnecessary: The Roomster Edition – DataBreaches.Net

Pull up a chair, pour a cuppa and lend me your ear, because I’m going to walk you through a story that’s stranger than fiction. Picture this: you’re merrily going about your business, sharing a flat via a popular platform called Roomster. You’ve handed over all your identity proofs, resting secure in the knowledge that your data is well-protected. Until, one fine day, a complete stranger discovers that you couldn’t be more wrong.

Have you ever heard of a chap named JayeLTee? Well, we all owe him a tip of the hat or two. This sharp-eyed Joe stumbled upon a mess of a server back in November, brimming with oodles of unintended show-and-tell. Yup, you guessed it: sensitive personal information from over 320,000 image files, including driving licences, passports, IDs, work permits, you name it. As our hero navigated this digital Pandora’s box, the enormity of the issue became clear. Over 44 million files had been laid bare, unintentionally put on display since mid-2022 – or perhaps even earlier.

So, what does a good samaritan do in such a situation? Reach out, of course. But striking up a conversation with Roomster proved a tad complex, as they seem to have given the traditional “contact us” information a miss. Undeterred, our friend JayeLTee found an email address in their privacy policy and sent a note describing his discovery. Nine days on, the errant data was still out there for all to see. Roomster hadn’t deigned to respond.

Not one to twiddle his thumbs, JayeLTee decided to involve a higher authority – the Attorney General’s office in New York. He gave them a shout about Roomster’s laissez-faire attitude to data protection. Whether it was this serious step or just Roomster finally waking up from their slumber isn’t crystal clear. All we know is that finally, on December 21, the information kitty was closed and the data secured.

To this day, Roomster hasn’t officially acknowledged JayeLTee’s timely nudge. The New York State Attorney General’s office, however, was more courteous, politely acknowledging his input, while remaining ambiguous about contacting Roomster or any plans for subsequent action.

Roomster’s struggles with data protection seem to have precedent. In 2023, they had a run-in with the Federal Trade Commission and six states, including New York. Roomster had been painting an inaccurate picture of the authenticity of their listings and reviews. Furthermore, the company’s lack of visibility into its data security measures doesn’t lend much reassurance about any lessons learned from past incidents.

Are we asking for too much in expecting complete data safety for more than two years? Is it fair to demand that our sensitive information be encrypted? Well, given the potential repercussions, it may be only logical for Roomster to step up their game, or they may find themselves on a sticky regulatory wicket again – what a pickle!

It’s a bit of a cliffhanger, isn’t it? Stay tuned for the next chapter in this digital saga – where, hopefully, our data stays secure in its place, and not the talk of the virtual town.

by Parker Bytes
