

Ask HN: How bad is it to send Tax ID via plain text email? - chill1

I recently received an email from Braintree Payments to verify my merchant information. They need to get the correct information for tax purposes, I get it.

I was dismayed to see my Tax ID and Legal Name next to each other in a plain text email.

I am a developer, but I do not have a lot of knowledge in the area of computer networking. So I am not 100% sure of the implications of sending sensitive information via plain text email.

How bad is this?
======
olefoo
It's bad but not tragic. If your mailserver and theirs are both set up to use
TLS connections by default, it's likely that your data was not available in
plaintext on a public network. However, the problem with opportunistic
encryption is that while most service providers do set up their systems like
that, it's not guaranteed.

Still, I'm mildly surprised that Braintree is not following the 'secure
administrative login' pattern that most banks use for that type of account
management information, since that reduces the risk exposure.

TL;DR they should make you log in to their https website.
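
Whether the opportunistic TLS described above was actually negotiated can be checked after the fact from the `Received` headers of the delivered message. The following is an added example, not part of the original thread; the sample message and its hostnames are constructed, and the TLS-indicating `with` keywords are the ones registered by RFC 3848.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop ran over TLS (RFC 3848 registrations).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message: hostnames, addresses and ids are made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with LMTP id abc123;
\tMon, 1 Jan 2024 10:00:02 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id def456;
\tMon, 1 Jan 2024 10:00:01 +0000
Received: from app.sender.example (app.sender.example [203.0.113.5])
\tby out.sender.example with ESMTP id ghi789;
\tMon, 1 Jan 2024 10:00:00 +0000
From: billing@sender.example
To: me@recipient.example
Subject: Verify your merchant information

(body omitted)
"""

def _field(keyword, header):
    """Return the token following 'from', 'by' or 'with', or '?' if absent."""
    m = re.search(r"\b%s\s+(\S+)" % keyword, header, re.IGNORECASE)
    return m.group(1).rstrip(";") if m else "?"

def hops(raw_message):
    """List (from, by, protocol, used_tls) per hop, oldest hop first."""
    headers = message_from_string(raw_message).get_all("Received") or []
    result = []
    for header in reversed(headers):  # each server prepends its own header
        proto = _field("with", header).upper()
        result.append((_field("from", header), _field("by", header),
                       proto, proto in TLS_PROTOCOLS))
    return result

def cleartext_hops(raw_message):
    """Hops whose header does not claim TLS. Headers written before the
    message reached your own provider are unverifiable claims."""
    return [h for h in hops(raw_message) if not h[3]]

if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

In the constructed sample only the server-to-server hop records ESMTPS; the hop inside the sender's network and the final LMTP delivery are reported as having no TLS recorded.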

