Walmart: Difference between revisions

Line 22:

Walmart uses a technology called ''[[bluetooth beacon]],'' a technology often found in physical retail locations used for precise indoor positioning<ref>{{Cite web |date=1 Jan 2024 |title=What You Must Know About Bluetooth Beacons Before Purchasing in 2025 |url=https://mapsted.com/blog/what-you-must-know-about-bluetooth-beacons-before-purchasing |website=Mapsted}}</ref>, particularly those with the Walmart app installed<ref name=":2">{{Cite web |last=Kwet |first=Michael |title=In Stores, Secret Surveillance Tracks Your Every Move |url=https://www.nytimes.com/interactive/2019/06/14/opinion/bluetooth-wireless-tracking-privacy.html |website=The New York Times}}</ref>. The technology works with a device often hidden on the top of shelving units inside of retail store that then connects with the smartphone device often through retailer apps, though this may include other spyware apps not owned by the actual retailer<ref name=":2" />. While many advertisers often use cellphone towers and GPS to track and advertise to consumers based on their location, bluetooth beacons are significantly more precise, particularly indoors where they are used in many places like airports and shopping malls<ref name=":2" />. This allows companies like Walmart to send precise location data of customers to third-party advertisers, allowing highly specific targeted ads depending on what aisle the customer happens to be standing in<ref name=":2" />.

=== Data collection ===

===Data collection===

Walmart collects an extensive amount of data, including specific personal and legal identifiers, as outlined in their privacy notice:<blockquote>

* '''Basic Personal Identifiers''', such as name, telephone number, physical address, email address, government-issued identifiers (e.g., national identification numbers, driver’s license numbers), and signatures.

*'''Basic Personal Identifiers''', such as name, telephone number, physical address, email address, government-issued identifiers (e.g., national identification numbers, driver’s license numbers), and signatures.

* '''Device and Online Identifiers''', such as account login information, MAC address, IP address, cookie IDs, mobile ad IDs, and social media information.

*'''Device and Online Identifiers''', such as account login information, MAC address, IP address, cookie IDs, mobile ad IDs, and social media information.

* '''Internet and Other Network Activity Information''', such as information about your browsing or search activity as well as your interactions with our websites, mobile applications, emails, or advertisements (for example keystroke patterns which help us determine if it is you or a bot who is interacting with us).

*'''Internet and Other Network Activity Information''', such as information about your browsing or search activity as well as your interactions with our websites, mobile applications, emails, or advertisements (for example keystroke patterns which help us determine if it is you or a bot who is interacting with us).

* '''Commercial Information''', such as purchase and transaction history information (products or services you have purchased, rented, or returned), details about products associated with services you receive from or through us (e.g., car make, model, year, odometer reading, and Vehicle Identification Number when you visit our Auto Care Center), product reviews, travel and vacation information, and sweepstakes and contest entries.

*'''Commercial Information''', such as purchase and transaction history information (products or services you have purchased, rented, or returned), details about products associated with services you receive from or through us (e.g., car make, model, year, odometer reading, and Vehicle Identification Number when you visit our Auto Care Center), product reviews, travel and vacation information, and sweepstakes and contest entries.

* '''Communications''', such as the content of emails, text messages, interactions with our bot (AI assistant chatbots), or other communications, call logs, and calendar information, where Walmart is a party to the exchange.

*'''Communications''', such as the content of emails, text messages, interactions with our bot (AI assistant chatbots), or other communications, call logs, and calendar information, where Walmart is a party to the exchange.

* '''Demographic Information''', such as age, gender, citizenship, ethnicity, date of birth, family or marital status, household income, education, professional and employment information, family health, number of children, number of cars owned, and software or virtual assets owned.

*'''Demographic Information''', such as age, gender, citizenship, ethnicity, date of birth, family or marital status, household income, education, professional and employment information, family health, number of children, number of cars owned, and software or virtual assets owned.

* '''Financial Information''', such as credit or debit card numbers, and financial account numbers.

*'''Financial Information''', such as credit or debit card numbers, and financial account numbers.

* '''Biometric Information''', such as voice prints, imagery of the iris or retina, face geometry, and palm prints or fingerprints.

*'''Biometric Information''', such as voice prints, imagery of the iris or retina, face geometry, and palm prints or fingerprints.

* '''Geolocation''', such as data about the location of your device, which may be imprecise (i.e., inferred from your device’s IP address). If you provide your consent, this data may be precise. For more information about precise geolocation, see the ''How Do We Collect Personal Information? > Collected Through Automated Means'' section below.

*'''Geolocation''', such as data about the location of your device, which may be imprecise (i.e., inferred from your device’s IP address). If you provide your consent, this data may be precise. For more information about precise geolocation, see the ''How Do We Collect Personal Information? > Collected Through Automated Means'' section below.

* '''Sensory Information''', such as audio, visual information, and other sensory information such as photographs and audio and video recordings.

*'''Sensory Information''', such as audio, visual information, and other sensory information such as photographs and audio and video recordings.

* '''Background Information''', such as background checks and criminal convictions.

*'''Background Information''', such as background checks and criminal convictions.

* '''Inferences''', such as individual preferences and characteristics. This may include inferences drawn from and related to shopping patterns and behaviors, intelligence, and aptitudes.

*'''Inferences''', such as individual preferences and characteristics. This may include inferences drawn from and related to shopping patterns and behaviors, intelligence, and aptitudes.

</blockquote>

=== ~~Walmart data~~ breaches ===

=== Data sent to third parties ===

...

===Data breaches===

With all this data collection in mind, including government ID's and personal text messages, Walmart has had many data breaches over the years, most notably between 2021 and 2024.

==== Employees' 401k data ====

====Employees' 401k data====

In April 2024, Walmart experienced a data breach of personally identifiable information for nearly 2,000 employees, including names and social security numbers, due to Walmart's retirement plan administrator sending an accidental email with the information<ref>{{Cite web |last=Kelly |first=Bruce |date=28 May 2024 |title=Merrill data bungle hits Walmart 401(k) plan |url=https://www.investmentnews.com/fintech/merrill-data-bungle-hits-walmart-401k-plan/253844 |website=Investment News}}</ref><ref name=":3">{{Cite web |date=17 Apr 2025 |title=Walmart Data Breach: What Happened and How They Solved It |url=https://www.strongdm.com/what-is/walmart-data-breach |website=StrongDM}}</ref>. Walmart responded by providing employees with identity theft protection for a rough total of $1 million<ref name=":3" />.

@@ Line 22: / Line 22: @@
 Walmart uses a technology called ''[[bluetooth beacon]],'' a technology often found in physical retail locations used for precise indoor positioning<ref>{{Cite web |date=1 Jan 2024 |title=What You Must Know About Bluetooth Beacons Before Purchasing in 2025 |url=https://mapsted.com/blog/what-you-must-know-about-bluetooth-beacons-before-purchasing |website=Mapsted}}</ref>, particularly those with the Walmart app installed<ref name=":2">{{Cite web |last=Kwet |first=Michael |title=In Stores, Secret Surveillance Tracks Your Every Move |url=https://www.nytimes.com/interactive/2019/06/14/opinion/bluetooth-wireless-tracking-privacy.html |website=The New York Times}}</ref>. The technology works with a device often hidden on the top of shelving units inside of retail store that then connects with the smartphone device often through retailer apps, though this may include other spyware apps not owned by the actual retailer<ref name=":2" />. While many advertisers often use cellphone towers and GPS to track and advertise to consumers based on their location, bluetooth beacons are significantly more precise, particularly indoors where they are used in many places like airports and shopping malls<ref name=":2" />. This allows companies like Walmart to send precise location data of customers to third-party advertisers, allowing highly specific targeted ads depending on what aisle the customer happens to be standing in<ref name=":2" />.
-=== Data collection ===
+===Data collection===
 Walmart collects an extensive amount of data, including specific personal and legal identifiers, as outlined in their privacy notice:<blockquote>
-* '''Basic Personal Identifiers''', such as name, telephone number, physical address, email address, government-issued identifiers (e.g., national identification numbers, driver’s license numbers), and signatures.
+*'''Basic Personal Identifiers''', such as name, telephone number, physical address, email address, government-issued identifiers (e.g., national identification numbers, driver’s license numbers), and signatures.
-* '''Device and Online Identifiers''', such as account login information, MAC address, IP address, cookie IDs, mobile ad IDs, and social media information.
+*'''Device and Online Identifiers''', such as account login information, MAC address, IP address, cookie IDs, mobile ad IDs, and social media information.
-* '''Internet and Other Network Activity Information''', such as information about your browsing or search activity as well as your interactions with our websites, mobile applications, emails, or advertisements (for example keystroke patterns which help us determine if it is you or a bot who is interacting with us).
+*'''Internet and Other Network Activity Information''', such as information about your browsing or search activity as well as your interactions with our websites, mobile applications, emails, or advertisements (for example keystroke patterns which help us determine if it is you or a bot who is interacting with us).
-* '''Commercial Information''', such as purchase and transaction history information (products or services you have purchased, rented, or returned), details about products associated with services you receive from or through us (e.g., car make, model, year, odometer reading, and Vehicle Identification Number when you visit our Auto Care Center), product reviews, travel and vacation information, and sweepstakes and contest entries.
+*'''Commercial Information''', such as purchase and transaction history information (products or services you have purchased, rented, or returned), details about products associated with services you receive from or through us (e.g., car make, model, year, odometer reading, and Vehicle Identification Number when you visit our Auto Care Center), product reviews, travel and vacation information, and sweepstakes and contest entries.
-* '''Communications''', such as the content of emails, text messages, interactions with our bot (AI assistant chatbots), or other communications, call logs, and calendar information, where Walmart is a party to the exchange.
+*'''Communications''', such as the content of emails, text messages, interactions with our bot (AI assistant chatbots), or other communications, call logs, and calendar information, where Walmart is a party to the exchange.
-* '''Demographic Information''', such as age, gender, citizenship, ethnicity, date of birth, family or marital status, household income, education, professional and employment information, family health, number of children, number of cars owned, and software or virtual assets owned.
+*'''Demographic Information''', such as age, gender, citizenship, ethnicity, date of birth, family or marital status, household income, education, professional and employment information, family health, number of children, number of cars owned, and software or virtual assets owned.
-* '''Financial Information''', such as credit or debit card numbers, and financial account numbers.
+*'''Financial Information''', such as credit or debit card numbers, and financial account numbers.
-* '''Biometric Information''', such as voice prints, imagery of the iris or retina, face geometry, and palm prints or fingerprints.
+*'''Biometric Information''', such as voice prints, imagery of the iris or retina, face geometry, and palm prints or fingerprints.
-* '''Geolocation''', such as data about the location of your device, which may be imprecise (i.e., inferred from your device’s IP address). If you provide your consent, this data may be precise. For more information about precise geolocation, see the ''How Do We Collect Personal Information? > Collected Through Automated Means'' section below.
+*'''Geolocation''', such as data about the location of your device, which may be imprecise (i.e., inferred from your device’s IP address). If you provide your consent, this data may be precise. For more information about precise geolocation, see the ''How Do We Collect Personal Information? > Collected Through Automated Means'' section below.
-* '''Sensory Information''', such as audio, visual information, and other sensory information such as photographs and audio and video recordings.
+*'''Sensory Information''', such as audio, visual information, and other sensory information such as photographs and audio and video recordings.
-* '''Background Information''', such as background checks and criminal convictions.
+*'''Background Information''', such as background checks and criminal convictions.
-* '''Inferences''', such as individual preferences and characteristics. This may include inferences drawn from and related to shopping patterns and behaviors, intelligence, and aptitudes.
+*'''Inferences''', such as individual preferences and characteristics. This may include inferences drawn from and related to shopping patterns and behaviors, intelligence, and aptitudes.
 </blockquote>
-=== Walmart data breaches ===
+=== Data sent to third parties ===
+...
+===Data breaches===
 With all this data collection in mind, including government ID's and personal text messages, Walmart has had many data breaches over the years, most notably between 2021 and 2024.
-==== Employees' 401k data ====
+====Employees' 401k data====
 In April 2024, Walmart experienced a data breach of personally identifiable information for nearly 2,000 employees, including names and social security numbers, due to Walmart's retirement plan administrator sending an accidental email with the information<ref>{{Cite web |last=Kelly |first=Bruce |date=28 May 2024 |title=Merrill data bungle hits Walmart 401(k) plan |url=https://www.investmentnews.com/fintech/merrill-data-bungle-hits-walmart-401k-plan/253844 |website=Investment News}}</ref><ref name=":3">{{Cite web |date=17 Apr 2025 |title=Walmart Data Breach: What Happened and How They Solved It |url=https://www.strongdm.com/what-is/walmart-data-breach |website=StrongDM}}</ref>. Walmart responded by providing employees with identity theft protection for a rough total of $1 million<ref name=":3" />.