diff --git a/cpp/ql/lib/semmle/code/cpp/security/PrivateData.qll b/cpp/ql/lib/semmle/code/cpp/security/PrivateData.qll
index 65a243af1d6..faca0d8513e 100644
--- a/cpp/ql/lib/semmle/code/cpp/security/PrivateData.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/PrivateData.qll
@@ -21,13 +21,13 @@ private string privateNames() {
     ".*(" +
       // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
       // Government identifiers, such as Social Security Numbers
-      "social.*security|" +
+      "social.?security|" +
       // Contact information, such as home addresses and telephone numbers
-      "postcode|zipcode|telephone|" +
+      "post.?code|zip.?code|telephone|" +
       // Geographic location - where the user is (or was)
       "latitude|longitude|" +
       // Financial data - such as credit card numbers, salary, bank accounts, and debts
-      "credit.*card|salary|bank.*account|" +
+      "credit.?card|salary|bank.?account|" +
       // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
       "email|mobile|employer|" +
       // Health - medical conditions, insurance status, prescription records
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
index 26cdb031216..486c8a826a3 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
@@ -226,6 +226,7 @@ nodes
 | test3.cpp:507:18:507:39 | social_security_number | semmle.label | social_security_number |
 | test3.cpp:508:18:508:33 | socialSecurityNo | semmle.label | socialSecurityNo |
 | test3.cpp:509:18:509:29 | homePostCode | semmle.label | homePostCode |
+| test3.cpp:510:18:510:28 | my_zip_code | semmle.label | my_zip_code |
 | test3.cpp:511:18:511:26 | telephone | semmle.label | telephone |
 | test3.cpp:512:18:512:36 | mobile_phone_number | semmle.label | mobile_phone_number |
 | test3.cpp:513:18:513:22 | email | semmle.label | email |
@@ -273,6 +274,7 @@ subpaths
 | test3.cpp:507:2:507:5 | call to send | test3.cpp:507:18:507:39 | social_security_number | test3.cpp:507:18:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@ | test3.cpp:507:18:507:39 | social_security_number | social_security_number |
 | test3.cpp:508:2:508:5 | call to send | test3.cpp:508:18:508:33 | socialSecurityNo | test3.cpp:508:18:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@ | test3.cpp:508:18:508:33 | socialSecurityNo | socialSecurityNo |
 | test3.cpp:509:2:509:5 | call to send | test3.cpp:509:18:509:29 | homePostCode | test3.cpp:509:18:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@ | test3.cpp:509:18:509:29 | homePostCode | homePostCode |
+| test3.cpp:510:2:510:5 | call to send | test3.cpp:510:18:510:28 | my_zip_code | test3.cpp:510:18:510:28 | my_zip_code | This operation transmits 'my_zip_code', which may contain unencrypted sensitive data from $@ | test3.cpp:510:18:510:28 | my_zip_code | my_zip_code |
 | test3.cpp:511:2:511:5 | call to send | test3.cpp:511:18:511:26 | telephone | test3.cpp:511:18:511:26 | telephone | This operation transmits 'telephone', which may contain unencrypted sensitive data from $@ | test3.cpp:511:18:511:26 | telephone | telephone |
 | test3.cpp:512:2:512:5 | call to send | test3.cpp:512:18:512:36 | mobile_phone_number | test3.cpp:512:18:512:36 | mobile_phone_number | This operation transmits 'mobile_phone_number', which may contain unencrypted sensitive data from $@ | test3.cpp:512:18:512:36 | mobile_phone_number | mobile_phone_number |
 | test3.cpp:513:2:513:5 | call to send | test3.cpp:513:18:513:22 | email | test3.cpp:513:18:513:22 | email | This operation transmits 'email', which may contain unencrypted sensitive data from $@ | test3.cpp:513:18:513:22 | email | email |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
index dd4b1aa71d6..9e50b5c94db 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
@@ -507,7 +507,7 @@ void tests2(person_info *pi)
 	send(val(), pi->social_security_number, strlen(pi->social_security_number), val()); // BAD
 	send(val(), pi->socialSecurityNo, strlen(pi->socialSecurityNo), val()); // BAD
 	send(val(), pi->homePostCode, strlen(pi->homePostCode), val()); // BAD
-	send(val(), pi->my_zip_code, strlen(pi->my_zip_code), val()); // BAD [NOT DETECTED]
+	send(val(), pi->my_zip_code, strlen(pi->my_zip_code), val()); // BAD
 	send(val(), pi->telephone, strlen(pi->telephone), val()); // BAD
 	send(val(), pi->mobile_phone_number, strlen(pi->mobile_phone_number), val()); // BAD
 	send(val(), pi->email, strlen(pi->email), val()); // BAD