Personal Records for 123 Million Americans Exposed in the Cloud

Equifax had a 3rd party PCI auditor and passed their audits. Needless to say that vendor was fired after the breach. I guess my point is who do you go after? And what level of precaution mitigates liability and who determines that?

This is easy, and will satisfy the law mongers (like we need more).

Craft a law where credit bureaus and banks can have whatever level of liability they want written into their service agreements (you may not read those for phone apps, but should for your banking institutions) just so long as that mirrors the liability incurred by consumers when the applicable data is breached. No reason I should spend weeks or months sorting crap out when they can't be bothered to take the well-known steps needed to prevent the issue in the first place. That's the big issue here, the people affected by the breaches are much more vulnerable to the consequences of Fraud/ID theft than the services (which are essentially mandatory) that made it possible in the first place. Hold their feet to the fire (make it cost MONEY, "Someone in Honduras bought 30K in capri pants on my card? Sucks to be you." x100,000,000) and you can bet security will move right on up the budget list.

As it stands, we are talking about speeding/parking tickets for millionaires. Even if they can't beat it, the results are inconsequential.
 
Kinda makes you wonder whether those collecting, storing, using, and losing such data might one day end up having something in common with a used clay target. Lots of nutjobs out there :D
 
This is easy, and will satisfy the law mongers (like we need more).

Craft a law where credit bureaus and banks can have whatever level of liability they want written into their service agreements (you may not read those for phone apps, but should for your banking institutions) just so long as that mirrors the liability incurred by consumers when the applicable data is breached. No reason I should spend weeks or months sorting crap out when they can't be bothered to take the well-known steps needed to prevent the issue in the first place. That's the big issue here, the people affected by the breaches are much more vulnerable to the consequences of Fraud/ID theft than the services (which are essentially mandatory) that made it possible in the first place. Hold their feet to the fire (make it cost MONEY, "Someone in Honduras bought 30K in capri pants on my card? Sucks to be you." x100,000,000) and you can bet security will move right on up the budget list.

As it stands, we are talking about speeding/parking tickets for millionaires. Even if they can't beat it, the results are inconsequential.

That sounds suspiciously like regulation. You monster!

Google GDPR

Nate
 
Kinda makes you wonder whether those collecting, storing, using, and losing such data might one day end up having something in common with a used clay target. Lots of nutjobs out there :D
i dunno... do the crazies come to things like this, or are they born from it? maybe both, but it seems to me that if nobody's going to step up and protect us, that those "crazy" people might not be as crazy as everyone else is hyper-complacent or outright ignorant.

someone willing to do something on that level nowadays is definitely considered crazy by many. that sucks. history books used to be written around people we'd call crazy now.
 
Experian needs to be shut down or pay every American 1 million dollars for this crap.
 
It absolutely does if it can be proven that a company operating under HIPAA regulations is responsible for leaking any of this data. I'll let you in on a little secret though - the companies that must adhere to HIPAA don't care about HIPAA because there isn't anywhere near enough oversight to prosecute and punish them for breaking those rules.
I'm not sure you understand what HIPPA is for... It's only for healthcare. Every healthcare provider does and has to care because the violations of these laws come with seriously heavy fines and possible loss of licenses to practice healthcare. Employees get termed on the spot if they are in violation of these laws. Healthcare Information Privacy Protection Act... it's in the name. Google, for example, isn't responsible for violating these laws unless they somehow get and post someone's medical record... It doesn't pertain to street addresses, SS #'s, Bank info, if it's not attached to a medical record. I work in the industry.
 
I'm not sure you understand what HIPPA is for... It's only for healthcare. Every healthcare provider does and has to care because the violations of these laws come with seriously heavy fines and possible loss of licenses to practice healthcare. Employees get termed on the spot if they are in violation of these laws. Healthcare Information Privacy Protection Act... it's in the name. Google, for example, isn't responsible for violating these laws unless they somehow get and post someone's medical record... It doesn't pertain to street addresses, SS #'s, Bank info, if it's not attached to a medical record. I work in the industry.

FYI: Some people are talking about HIPAA and others HIPPA.
 
If someone wants to hack into the credit card companies and wipe away consumer debt....


...Not that I advocate such a thing...
Now here's something there would be widespread support for

CROTCH-PUNCH FTW
 
FYI: Some people are talking about HIPAA and others HIPPA.

I think it's a safe bet to assume everyone who says "HIPPA" really means "HIPAA" (Health Insurance Portability and Accountability Act). I also think of "HIPPOS", because large water-elephant!
 
I'm not sure you understand what HIPPA is for... It's only for healthcare. Every healthcare provider does and has to care because the violations of these laws come with seriously heavy fines and possible loss of licenses to practice healthcare. Employees get termed on the spot if they are in violation of these laws. Healthcare Information Privacy Protection Act... it's in the name. Google, for example, isn't responsible for violating these laws unless they somehow get and post someone's medical record... It doesn't pertain to street addresses, SS #'s, Bank info, if it's not attached to a medical record. I work in the industry.

I know exactly what it is for. And, since we don't know where this data came from, it could be from a health care organization. I'm not saying it was, I'm saying IF it was the organization that leaked the data will be subject to the HIPAA laws.

And yeah in theory they care about HIPAA. In practice, they do not, and I know this from first hand experience. "Get fired on the spot" is laughable. If it's some low level worker, maybe.
 
. "Get fired on the spot" is laughable. If it's some low level worker, maybe.
Since most VPs and CEOs aren't directly dealing with patient data and records, they wouldn't be found in violation. But yes, if found in violation, I've seen many cases, and heard a number of stories, where people outside my organisation were fired for violating these laws after the audit was completed. You must have seen a pretty forgiving company.
 
i dunno... do the crazies come to things like this, or are they born from it? maybe both, but it seems to me that if nobody's going to step up and protect us, that those "crazy" people might not be as crazy as everyone else is hyper-complacent or outright ignorant.

someone willing to do something on that level nowadays is definitely considered crazy by many. that sucks. history books used to be written around people we'd call crazy now.

From a historical perspective, I agree. People often did whatever they truly believed they needed to do after weighing all of the pros and cons, especially where the pros outweighed the relative importance of everything else (including their own safety and security).

OTOH, from a hysterical perspective, I give you today... Jane meet John, and somewhere in between, it.
 