
SoylentNews is people

posted by Fnord666 on Friday September 15 2017, @02:54AM
from the someone-always-pays dept.

Renowned security researcher Bruce Schneier has a story up on his blog On the Equifax Data Breach:

Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, and other businesses vulnerable to fraud.

Many sites posted guides to protecting yourself now that it's happened. But if you want to prevent this kind of thing from happening again, your only solution is government regulation (as unlikely as that may be at the moment).

The market can't fix this. Markets work because buyers choose between sellers, and sellers compete for buyers. In case you didn't notice, you're not Equifax's customer. You're its product.

This happened because your personal information is valuable, and Equifax is in the business of selling it. The company is much more than a credit reporting agency. It's a data broker. It collects information about all of us, analyzes it all, and then sells those insights.

Its customers are people and organizations who want to buy information: banks looking to lend you money, landlords deciding whether to rent you an apartment, employers deciding whether to hire you, companies trying to figure out whether you'd be a profitable customer -- everyone who wants to sell you something, even governments.

It's not just Equifax. It might be one of the biggest, but there are 2,500 to 4,000 other data brokers that are collecting, storing, and selling information about you -- almost all of them companies you've never heard of and have no business relationship with.

Surveillance capitalism fuels the Internet, and sometimes it seems that everyone is spying on you. You're secretly tracked on pretty much every commercial website you visit.

Bruce continues with observations about the data gathering activities of such on-line behemoths as Google and Facebook, as well as companies as mundane as your cell phone provider. Sadly, massive data breaches such as what happened at Target, Home Depot, and Yahoo! gathered media attention for a while, but after a matter of time faded from public awareness and concern.

He suggests the only solution is government regulation. Maybe. But that also runs up against the problem of regulatory capture.

What, if anything, can be done? Mandate a minimum payment of, say, $100.00 to each person who had information disclosed? That would certainly boost a company's willingness to implement security best-practices.


This discussion has been archived. No new comments can be posted.
  • (Score: 5, Interesting) by KilroySmith on Friday September 15 2017, @03:47AM (3 children)

    If the copyright cartel can get ruinous statutory awards for file sharing, even without showing harm, I should be able to also. $500 doesn't seem unreasonable, considering the number of hours and the money it would cost me to straighten out an issue caused by this breach.
    Require that a breached company must notify the public within 72 hours of discovering a breach, and notify each individual involved within 7 days.
    Require that the notification provide a way for the affected individual to find out precisely what got taken, or may have gotten taken - not just "credit card and personal information", but all of the records and data that may have been accessed - it pissed me off when Anthem wouldn't tell me what information got taken. They know it, and the bad guys know it, but I'm not allowed to know it?

    If they're gonna collect data on me without my permission, data that can be used to destroy my financial stability if handled poorly, then they need to take responsibility for that data, and the damage that will be done to me if the data is exposed.

  • (Score: 1) by fustakrakich on Friday September 15 2017, @04:19AM (1 child)

    And who is going to write all these new rules, or even adequately enforce the old ones? I mean, it looks like nobody wants the job. The ones that do are woefully unqualified. What to do, what to do...

    --
    Politics and criminals are the same thing..
    • (Score: -1, Troll) by Anonymous Coward on Friday September 15 2017, @04:42AM

      or even adequately enforce the old ones?

      You voted, which according to you gave the winners your unrevokable consent [soylentnews.org]. You don't object to physical rape [soylentnews.org], so isn't it hypocritical of you to object to mere financial rape?

      What to do, what to do...

      I know! You could spout some more empty [soylentnews.org] platitudes [soylentnews.org] without having even a scrap of principle you'd be willing to take a stand on.

  • (Score: 3, Interesting) by VLM on Friday September 15 2017, @11:34AM

    it pissed me off when Anthem wouldn't tell me what information got taken.

    1) All of it. I don't wanna say how bad it is, means it's like ten megs worth of stuff per person. OCR'd scanned bills and reimbursement check stubs and med records the whole thing.

    2) There's a classic social engineering hack where the "bad guy" calls the Indian call center, convinces them they're KilroySmith (how hard can it be, especially if they've got half your info from this or numerous other breaches) and next thing you know some Indian dude thinks he's providing information to "you" but it's actually an attacker.