verst|6 years ago
I don't recall how user data was stored or accessed, but I'm certain there will have been separate fields, or at least a flag indicating whether the person opted out from being targeted by their phone number.
That being said, it will have been incredibly easy for a single engineer to make this mistake (code review probably should have caught it? But maybe it looked just close enough to the right data source), and it would have been extraordinarily difficult to discover.
sofaofthedamned|6 years ago
Not a chance. It's never a single engineer, code gets the PR checked by another engineer and the Jira will be specific with any PII, probably written by committee, all of whom know the importance of the data. Don't conflate this crap with blaming a single nebulous engineer.
I've not worked in years at a place that wouldn't understand the importance of PII. Not that it doesn't happen, but let's not mince words here - this was wilfully done.
atian|6 years ago