Social Security numbers should really not be considered secret data. Too many places have leaked them.
Maybe – maybe – they’re okay for uniquely-identifying someone, but they’re a really bad way to authenticate someone.
I mean, this breach alone – if these are Americans – is something like 20% of the US population.
You can’t rely on something as authentication data if 20% of the population has irrevocable credentials that are floating around.
Just because way too many sites have a security that more or less non-existent, this should not be an excuse. Every breach should be severely punished. The only way corporations learn to take customer data safety seriously is through their wallets.
As long as customer data safety is just a cost factor, and penalties are just a mild slap on the wrist, there is no incentive to consider this as “just another cost of running business issue”.
“it’s not known whether the leak came from within the company or one of its vendors.”
Isn’t it time that big tech companies and their sale of private data get regulated? I see a giant class-action lawsuit in the making here.
This is regulated. And there are penalties for violating those regulations. But it’s just not enough. Even a class action lawsuit won’t help the victims. Most of that money goes to lawyers.
Honestly, I don’t expect any of it to change until the penalties are so severe that major companies go under. Aka a corporate death penalty (which the US used to have). But even then, good software security is extremely hard. Almost everyone screws up something.
Aka a corporate death penalty (which the US used to have). But even then, good software security is extremely hard. Almost everyone screws up something.
So corps would be regularly “executed” because of not getting it right at some point and that leading to such events.
What’s bad about that?
Companies are market entities, they are supposed to live for some time and die, so that evolutionary process would work.
Right now it’s like titans eating their children, they should die from regulator’s axe, ideally at the very moment when mistakes stop being sufficient to kill them.
https://www.att.com/support/article/my-account/000101995?bypasscache=1
How do I know if my information was included?
If your information was impacted, you will be receiving an email or letter from us explaining the incident, what information was compromised, and what we are doing for you in response.
I think that you’re gonna have a hard time tracking down 73 million people.
You think they’re going to send notices to ex-customers? I was an ATT customer for 2 decades and switched a few years ago. I’m wondering if I’m compromised, but won’t get notice because I’m not technically an active customer.
This crap is the new norm. Companies compile your data, don’t secure it, and the whole world becomes victims of identity theft. Then they get free credit monitoring from the companies that screwed then.
Use a strong password manager with unique complicated passwords.
Freeze your credit.
Assume someone is trying to impersonate you and open credit cards in your name at all times.
Sad state of affairs today.
Why companies aren’t fined for every customers data they didn’t secure properly is beyond me. This should cost them a specific sum per customer or part of their annual global revenue. Make it hurt.
Otherwise they have no reason to spend money to properly secure people’s data.
Devils advocate: It would give them additional insensitive to cover up the fact it happend.
My 2 cents: companies cant be trusted with your data and local data containers which you control, can give or reject limited acces to need to become the norm.
Cant cover it up if the hackers take credit. And with the info collected it won’t take much time to pin point where it came from.
Its happened before that leaks where covered up for months though, gives them time to sell stocks before public backlash .