Renowned security researcher Bruce Schneier has a story up on his blog On the Equifax Data Breach:
Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, and other businesses vulnerable to fraud.
Many sites posted guides to protecting yourself now that it's happened. But if you want to prevent this kind of thing from happening again, your only solution is government regulation (as unlikely as that may be at the moment).
The market can't fix this. Markets work because buyers choose between sellers, and sellers compete for buyers. In case you didn't notice, you're not Equifax's customer. You're its product.
This happened because your personal information is valuable, and Equifax is in the business of selling it. The company is much more than a credit reporting agency. It's a data broker. It collects information about all of us, analyzes it all, and then sells those insights.
Its customers are people and organizations who want to buy information: banks looking to lend you money, landlords deciding whether to rent you an apartment, employers deciding whether to hire you, companies trying to figure out whether you'd be a profitable customer -- everyone who wants to sell you something, even governments.
It's not just Equifax. It might be one of the biggest, but there are 2,500 to 4,000 other data brokers that are collecting, storing, and selling information about you -- almost all of them companies you've never heard of and have no business relationship with.
Surveillance capitalism fuels the Internet, and sometimes it seems that everyone is spying on you. You're secretly tracked on pretty much every commercial website you visit.
Bruce continues with observations about the data gathering activities of such on-line behemoths as Google and Facebook, as well as companies as mundane as your cell phone provider. Sadly, massive data breaches such as what happened at Target, Home Depot, and Yahoo! gathered media attention for a while, but after a matter of time faded from public awareness and concern.
He suggests the only solution is government regulation. Maybe. But that also runs up against the problem of regulatory capture.
What, if anything, can be done? Mandate a minimum payment of, say, $100.00 to each person who had information disclosed? That would certainly boost a company's willingness to implement security best-practices.
(Score: 5, Insightful) by Anonymous Coward on Friday September 15 2017, @04:15AM
Thanks to complete and gross ineptitude and reckless disregard for personal information, now a large chunk of the entire United States has just had all the information criminals need to engage in identity theft or break many 'prove you are you' systems. When people fall victim to this, the costs, opportunity and real, amount to the thousands of dollars.
That's just compensatory damages. The whole point of fees is not just compensation. It's deterrence. When you pay a traffic fine you're not paying for the damage you directly caused with your actions. You're paying a fee that deters you from ever doing that again. And it's clear big companies could not care less about the security of the vast amounts of data they're collecting (and storing) on everybody. It's time for punitive damages to start hitting the ceiling. And given the scale of the breach and recklessness in this case, it would be appropriate for this fine to break Equifax.
But what does it matter? This is all fantasy. We live in a country where we have a democratic government only in name. They're controlled by corporations. Equifax will get a slap on the wrist, make a public apology (we're sorry you feel we did anything wrong), and promise to never do it again (heh heh).