These companies should be forced to pay big money to each and every person affected by these breaches. Not like $120. Like $10,000 per. Teach them real lessons
I agree. Even at $120 each. 120 times tens of millions is serious fucking cash.
We need to have a couple of big companies go bankrupt over this shit. Then maybe they will start taking it seriously. Perhaps at that point maintaining personal data on people will be seen as a liability rather than an asset. And that’s what we really need.
In the case of this breach, I’d be happy with a $10 payout, the consequences for me are actually pretty low here. That being said, I think we’d be lucky if Dell had to pay more than $0.50 per person, and that money will probably go to a lawyer’s fees, not me.
Even $120 would be amazing. I just got an email that said too bad. I just bought a monitor cause that’s where they sold it. Idk why they have to save my info. I just want to pay for the product. If it was up to me, they would delete all my info immediately. They only need to record when the serial number was sold anyway.
The breach here is pretty minor, in my book. Name, address, specifics of computer purchased. The name and address is pretty much available and linked already. The computer isn’t, but doesn’t seem that abusable. Maybe it could help someone locate more-expensive, newer computers for theft, but I don’t see a whole lot of potential room for abuse.
It’s only minor if the data points in this breach are used by themselves.
Once you aggregate this with other data breaches, you could end up with a much bigger capability to target anyone in this breach.
afaict only if a specific hardware vulnerability was found and they cross-linked it with an online account or other network info to try and exploit it.
Or, I guess you could just assume Windows and go with one of the many zero-days that happen there. The trick is still crosslinking them tho. Presumably google has the wifi info.
Edit: And heavily discourages self-reporting. There’s a Schneier quote I like: “You can’t defend. You can’t prevent. The only thing you can do is detect and respond.”
Absolutely. But the penalty does modify the cost-benefit analysis. If a hacker demands $5m or else they will release stolen data, you might be more inclined to YOLO the 5 mil on the 1% chance they’re an honest hacker if the penalty for the breach is $50bn.
These companies should be forced to pay big money to each and every person affected by these breaches. Not like $120. Like $10,000 per. Teach them real lessons
I agree. Even at $120 each. 120 times tens of millions is serious fucking cash. We need to have a couple of big companies go bankrupt over this shit. Then maybe they will start taking it seriously. Perhaps at that point maintaining personal data on people will be seen as a liability rather than an asset. And that’s what we really need.
In the case of this breach, I’d be happy with a $10 payout, the consequences for me are actually pretty low here. That being said, I think we’d be lucky if Dell had to pay more than $0.50 per person, and that money will probably go to a lawyer’s fees, not me.
Even $120 would be amazing. I just got an email that said too bad. I just bought a monitor cause that’s where they sold it. Idk why they have to save my info. I just want to pay for the product. If it was up to me, they would delete all my info immediately. They only need to record when the serial number was sold anyway.
Oh if only I was European.
But instead they will be fined, and they will pay that fine to the government.
They just pay up and do it again. It’s a business expense, not a punishment.
I expect they get themselves insured for it
and then, us as the consumer will pay for the fine as well
The breach here is pretty minor, in my book. Name, address, specifics of computer purchased. The name and address is pretty much available and linked already. The computer isn’t, but doesn’t seem that abusable. Maybe it could help someone locate more-expensive, newer computers for theft, but I don’t see a whole lot of potential room for abuse.
Now my friends know I bought an Alienware device. I’m never going to live this down.
It’s only minor if the data points in this breach are used by themselves.
Once you aggregate this with other data breaches, you could end up with a much bigger capability to target anyone in this breach.
afaict only if a specific hardware vulnerability was found and they cross-linked it with an online account or other network info to try and exploit it.
Or, I guess you could just assume Windows and go with one of the many zero-days that happen there. The trick is still crosslinking them tho. Presumably google has the wifi info.
Don’t care, punish them all the same.
Instantly makes ransomware far more profitable.
Edit: And heavily discourages self-reporting. There’s a Schneier quote I like: “You can’t defend. You can’t prevent. The only thing you can do is detect and respond.”
If the data is breached, won’t we find out anyways once they start selling it?
Absolutely. But the penalty does modify the cost-benefit analysis. If a hacker demands $5m or else they will release stolen data, you might be more inclined to YOLO the 5 mil on the 1% chance they’re an honest hacker if the penalty for the breach is $50bn.