Lisa was called a 'slut' by bank's big data hijinks

Email Spam Internet Hacking
Tim Roberts | Stone | Getty Images

How does a woman get a letter from her bank, and it's addressed to "A Slut?" Or a man whose daughter died in an auto accident get a promotion addressed to "Daughter Killed In Car Crash/Or Current Business?"

Two cases in the past few weeks have shed a light on a silent industry that makes billions slurping up, slicing off and reselling every digitized data point about our lives, from the DVDs we buy to our own private griefs.

Forget whether the NSA is going to snoop your data; direct marketers have already got it, and they're not always taking the best care of it.

Last week, Lisa McIntire's mom texted her to say a Bank of America credit card offer had arrived at her house for her daughter. It was sent by Golden Key International, an honor roll society McIntire had joined, which is also an affiliate marketer for Bank of America. The letter was addressed to "Lisa Is A Slut McIntire."

(Read more: Republicans try to woo techies)

"I don't know what is going on, but having my mom receive mail addressed to "Lisa Is A Slut McIntire" is wildly not acceptable," McIntire, a San Francisco-based freelance writer, tweeted along with photos of the letter.

"We take full responsibility," Golden Key spokeswoman Melissa Leitzell told NBC News. She said that since McIntire joined in 2000, her account had been modified five times between 2004 and 2008. Four of those times the modifications occurred using her login, but in 2007, one of them was by a Golden Key customer service representative. That person hasn't worked for Golden Key since fall 2007, said Leitzell.

When marketers are dealing with hundreds of millions of people's personal records, there's bound to be errors, especially when humans are involved, said Steven Sheck, president of MailingLists.com, a mailing list broker.

More from NBC News:
Many Wrong Airport Landings Averted, Reports Show
Former New York Times Editor Bill Keller Leaving for News Nonprofit
Facebook's Zuckerberg Is the Most Generous American in 2013

"You can hire somebody who is mentally unfit and does this for their own personal gains," he said, adding that maybe the person did it to get a twisted thrill. For whatever reason, McIntire's entry became vandalized.

Typically companies screen their mailings lists for bad addresses and bad words, but "slut" somehow made it through.

A misanthropic employee's rogue keystrokes aren't the only thing customers are never supposed to see on their "special offers."

As much as they can, marketers buy and repackage every form you fill out, every "fun" survey you take, and every site you visit. Every time you make a blip on the data grid, someone is trying to harvest it, attach it to your name, and collate it with everything else the database knows about you. Marketers buy this information to send out targeted letters and emails and phone calls, saving on overhead by narrowing down their efforts to likely prospects.

Customers usually don't know why they're getting pitched. Then there are the slip-ups.

In late January, Mike Seay, a 46-year old unemployed man from Illinois whose daughter recently died in an automobile accident, received a letter from OfficeMax. It was addressed to "Mike Seay/Daughter Killed in Car Crash/Or Current Business."

OfficeMax apologized to the family and said it had upgraded its filters to flag inappropriate information. The office supplies retailer said that it had rented the list from a third-party provider and that it hadn't targeted those customers based on personal information.

But that doesn't mean Seay isn't on such a list.

(Read more: Hotels data breach ire could lead to tipping point)

'Critical moments' list
Pam Dixon, founder of the World Privacy Forum, has testified before the Senate about the increasing invasiveness of direct marketing lists. "The parents landed on what's called a 'critical moments' list," she said. "If you're recently widowed, divorced, lost a child ... diagnosed with a fatal mortal illness, that event will land you on one of those lists."

For some macabre marketers, that sheet of names represents an array of promising buyers.

So the entry field for a list called "daughter killed in car crash," somehow got mingled into the business name and Seay received his unnerving junk mail, said Dixon.

Sheck offers a more benign explanation. Often database entries contain a comments section, he said. A data entry worker, "might have put in "daughter killed in crash" to try to be nice to this person if talking on the phone, or to give them a discount," he said.

Though Seay's daughter's death was public and had been reported in the news, that it was considered a commoditizable piece of information represents a startling new frontier for privacy, or the lack thereof.

(Read more: Secret Service urges U.S. lawmakers to do more on cyber crime)

"Data brokers collect information from public data, from transactional data, everything you buy," said Dixon. And Increasingly, even more sources are getting trawled to "append" it to your basic name, address and age profile, including Facebook. "If you have not locked down a social media profile ... it's getting scraped," she said.

In her research, she found you could buy lists for people who suffer from cancer and Alzheimer's, and even rape victims. In one case, insurance companies bought lists of people with genetic illnesses. In another, a credit bureau sold data, including Social Security numbers and drivers' licenses, to a company connected to a ring of identity thieves.

"Once you're on these lists, you don't know where it goes," said Dixon.

—By Ben Popken, NBC News