Here is an interesting story about how a supermarket loyalty program’s database was used to help track a person’s location.
Person 1 loses a valuable watch in a supermarket. Person 2 finds it and, instead of returning it as required by law, keeps it. Two years later, he brings it in for repair. The repairman checks the serial number against a lost/stolen database. Person 2 doesn’t admit he found the watch, but instead claims that he bought it in some sort of used watch store. The police check the loyalty-program records from the supermarket and find that Person 2 was in the supermarket within hours of when Person 1 said he lost the watch.
Did you ever think that your supermarket loyalty card’s database would be used for such tracking purposes?
[via Schneier on Security]