Just because way too many sites have a security that more or less non-existent, this should not be an excuse. Every breach should be severely punished. The only way corporations learn to take customer data safety seriously is through their wallets.
As long as customer data safety is just a cost factor, and penalties are just a mild slap on the wrist, there is no incentive to consider this as “just another cost of running business issue”.
Social Security numbers should really not be considered secret data. Too many places have leaked them.
Maybe – maybe – they’re okay for uniquely-identifying someone, but they’re a really bad way to authenticate someone.
I mean, this breach alone – if these are Americans – is something like 20% of the US population.
You can’t rely on something as authentication data if 20% of the population has irrevocable credentials that are floating around.
Just because way too many sites have a security that more or less non-existent, this should not be an excuse. Every breach should be severely punished. The only way corporations learn to take customer data safety seriously is through their wallets.
As long as customer data safety is just a cost factor, and penalties are just a mild slap on the wrist, there is no incentive to consider this as “just another cost of running business issue”.