Comments on: Suffering in silence with data leaks

Current laws may not compel merchants to notify consumers when their personal information is stolen.

[OneWithTech]

Where is the consumer protection in any of this?

I would like to inform all the read this the year is 2006.

1. 1 in 8 adults have had there identity stolen with that number
steadily rising.

2. It takes a Congressman in Ohio to pass a law in Iowa against
identity theft.

3. NewYork has the best consumer protection but might not very
well be enough due to Federal Guidelines.

What "in the pickles" is wrong with all three of those statements
above? I'll tell you what is wrong -- no consistency! Anywhere!

And we as a society are supposed to embrace a technology that
would allow us to simply hit up a web site, order our favorite
product or products, and see it in three days without ever
leaving the house. Mmmmn convenience!

Now that's a grandiose notion due to politician's and big
business who's sole purpose is to keep there clients in lieu of
money. How are we supposed to feel safe in cyberspace let alone
real space knowing that our data could be stolen from any one
of those big business like Amazon or Ebay.

The only people that are being saved is the business' selling the
product or service. They get to continue to keep there clients
and there clients money while leaving there clients to fend off
the thieves' aftermath.

FYI, server administrators are paid to ensure that servers are up
to date and patched. After all, that is how data is stolen and
servers hacked, un-patched programs that reside on a server. So
why shouldn't business' be made RESPONSIBLE for not patching
servers?

It is a known fact that exploits are taken and used against these
very companies to get to your data using readily available tool
from the net. Because these companies find it "expensive" in
some sorts to maintain the patches they just leave the servers
unsecured. In return making these companies easy targets for
hackers.

"I guess it's ok to pay your Network Administrator $100,000 a
year to replace keyboards. Personally I think his talent is useful
in other places, but what would I know (www.Tech01.net)?"

Where are the people in all of this? After all, we are trying to
protect the "People's" data. Here's a freebie for all you
politician's, especially Bush.

How about a Federal Law making ANYBODY's server that holds
ANY PERSON DATA of CLIENTS either POTENTIAL or CURRENT
report ANY breaches in the respected databases.

Here's a little bone to add to that:
If a server is breached it must also be reported to the FBI and
logged. Then if deammed the responsibily of the business was
at fault then a $75,000 fine be imposed on the company.

Gee, look at that, a commoner makes a one paragraph law that
makes sense and works across the board to ensure "The People
of the United States of America" are protected against such
crimes as Identity Theft as well as Cyber Theft.

~Justin
www.Tech01.net

[OneWithTech]

Where is the consumer protection in any of this?

I would like to inform all the read this the year is 2006.

1. 1 in 8 adults have had there identity stolen with that number
steadily rising.

2. It takes a Congressman in Ohio to pass a law in Iowa against
identity theft.

3. NewYork has the best consumer protection but might not very
well be enough due to Federal Guidelines.

What "in the pickles" is wrong with all three of those statements
above? I'll tell you what is wrong -- no consistency! Anywhere!

And we as a society are supposed to embrace a technology that
would allow us to simply hit up a web site, order our favorite
product or products, and see it in three days without ever
leaving the house. Mmmmn convenience!

Now that's a grandiose notion due to politician's and big
business who's sole purpose is to keep there clients in lieu of
money. How are we supposed to feel safe in cyberspace let alone
real space knowing that our data could be stolen from any one
of those big business like Amazon or Ebay.

The only people that are being saved is the business' selling the
product or service. They get to continue to keep there clients
and there clients money while leaving there clients to fend off
the thieves' aftermath.

FYI, server administrators are paid to ensure that servers are up
to date and patched. After all, that is how data is stolen and
servers hacked, un-patched programs that reside on a server. So
why shouldn't business' be made RESPONSIBLE for not patching
servers?

It is a known fact that exploits are taken and used against these
very companies to get to your data using readily available tool
from the net. Because these companies find it "expensive" in
some sorts to maintain the patches they just leave the servers
unsecured. In return making these companies easy targets for
hackers.

"I guess it's ok to pay your Network Administrator $100,000 a
year to replace keyboards. Personally I think his talent is useful
in other places, but what would I know (www.Tech01.net)?"

Where are the people in all of this? After all, we are trying to
protect the "People's" data. Here's a freebie for all you
politician's, especially Bush.

How about a Federal Law making ANYBODY's server that holds
ANY PERSON DATA of CLIENTS either POTENTIAL or CURRENT
report ANY breaches in the respected databases.

Here's a little bone to add to that:
If a server is breached it must also be reported to the FBI and
logged. Then if deammed the responsibily of the business was
at fault then a $75,000 fine be imposed on the company.

Gee, look at that, a commoner makes a one paragraph law that
makes sense and works across the board to ensure "The People
of the United States of America" are protected against such
crimes as Identity Theft as well as Cyber Theft.

~Justin
www.Tech01.net

[ordaj]

Disgusting. STOP SHOPPING ONLINE is the only asnwer

Until merchants can prove our information is safe. Right now, I always have a feeling that nothing is safe.

[ordaj]

Disgusting. STOP SHOPPING ONLINE is the only asnwer

Until merchants can prove our information is safe. Right now, I always have a feeling that nothing is safe.

[FarmerChet]

Breaches occur often. Companies do not know

There are probably 2 to 3 more time the breaches than we are ever told about.
Most private companies are too worried about customers and revenue to put in proper security and to perform checks and audits of that security.
Of the three large employers with commerce-based web sites I have worked for, only one would know if there was a breach.
One company, an austin-based promo products company, has had many questionable problems and never tells the customers it has about the problems. The whole company is run on pirated software and every exec has known about the problems and the priating for over 5 years.
Yet they continue to generate millions in revenue every year and they have Banks and Hospitals as a customer!
As an employee I cannot tell the customers or I will get fired and sued. Contacting government agencies does nothing, and even sending a list of the priated software to the BSA accomplishes nothing.
Any idiot can setup a web site and take money. There is nothing to compel them to manage security or software licenses. Its a very sad state. Use cash and do not buy online.

[FarmerChet]

Breaches occur often. Companies do not know

There are probably 2 to 3 more time the breaches than we are ever told about.
Most private companies are too worried about customers and revenue to put in proper security and to perform checks and audits of that security.
Of the three large employers with commerce-based web sites I have worked for, only one would know if there was a breach.
One company, an austin-based promo products company, has had many questionable problems and never tells the customers it has about the problems. The whole company is run on pirated software and every exec has known about the problems and the priating for over 5 years.
Yet they continue to generate millions in revenue every year and they have Banks and Hospitals as a customer!
As an employee I cannot tell the customers or I will get fired and sued. Contacting government agencies does nothing, and even sending a list of the priated software to the BSA accomplishes nothing.
Any idiot can setup a web site and take money. There is nothing to compel them to manage security or software licenses. Its a very sad state. Use cash and do not buy online.

[heystoopid]

Corporate Slackers

Corporate slackers, pay peanuts for computer security, that's what you get, wholesale theft of data held in any corporate computer!

But since in most corporations, we pay inflated salaries with similar large amounts of funds to their over inflated expense accounts(Jack's style) and share options, at the end of the day, there is no funds left in the kitty, for any form of data security!

Alas , you pay for what you get and get what you pay for! , but you can't get much security for peanuts!

Some choices in real life, can be very costly for some!

[heystoopid]

Corporate Slackers

Corporate slackers, pay peanuts for computer security, that's what you get, wholesale theft of data held in any corporate computer!

But since in most corporations, we pay inflated salaries with similar large amounts of funds to their over inflated expense accounts(Jack's style) and share options, at the end of the day, there is no funds left in the kitty, for any form of data security!

Alas , you pay for what you get and get what you pay for! , but you can't get much security for peanuts!

Some choices in real life, can be very costly for some!

[mikew12345]

freezing your credit doesn't work either

Knowing that I was going to take out a line of credit on my house in a month, I ran a little test. I notified the 3 major credit agencies that my identity may have been stolen, then waited until they confirmed in writing that my credit files had been appropriately flagged. Then I applied for the $100,000 line of credit against my house, and got it, and none of them contacted me about it. Where's the protection?

[ordaj]

YOU'RE not protected...

THEY'RE protected. Protected from spending any money or effort to take care of anything.

[drizzit]

There is a difference between a freeze and a watch

only people in a few states can freeze an account right now I believe. Watches don't work that is for sure.

Did you freeze or just put on a watch?

[mikew12345]

freezing your credit doesn't work either

Knowing that I was going to take out a line of credit on my house in a month, I ran a little test. I notified the 3 major credit agencies that my identity may have been stolen, then waited until they confirmed in writing that my credit files had been appropriately flagged. Then I applied for the $100,000 line of credit against my house, and got it, and none of them contacted me about it. Where's the protection?

[ordaj]

YOU'RE not protected...

THEY'RE protected. Protected from spending any money or effort to take care of anything.

[drizzit]

There is a difference between a freeze and a watch

only people in a few states can freeze an account right now I believe. Watches don't work that is for sure.

Did you freeze or just put on a watch?

[wbenton]

What's the REAL Problem here?

Information is stolen all the time. Much of it hits the news.

But the problem as I see it here is that customer's PIN information is also stored online as well.

THAT INFORMATION FOLKS!!! is WHAT SHOULD NEVER BE STORED!!!

They claim they did every thing possible... but apparently that didn't include NOT storing the PIN number...

So if ya ask me... They DIDN'T do everything possible... either before (storing the PIN) OR afterwards (notifying their customer's of the breach).

Whether it's required by law or not is another issue!!! The common sense thing to do (laws or not) is to notify those whom are affected... which they didn't do!

So in my book... they're guilty on both accounts of NOT doing EVERYTHING possible in the PRE-BREACH as well as NOT doing EVERYTHING possible in the POST-BREACH!

Walt

[wbenton]

What's the REAL Problem here?

Information is stolen all the time. Much of it hits the news.

But the problem as I see it here is that customer's PIN information is also stored online as well.

THAT INFORMATION FOLKS!!! is WHAT SHOULD NEVER BE STORED!!!

They claim they did every thing possible... but apparently that didn't include NOT storing the PIN number...

So if ya ask me... They DIDN'T do everything possible... either before (storing the PIN) OR afterwards (notifying their customer's of the breach).

Whether it's required by law or not is another issue!!! The common sense thing to do (laws or not) is to notify those whom are affected... which they didn't do!

So in my book... they're guilty on both accounts of NOT doing EVERYTHING possible in the PRE-BREACH as well as NOT doing EVERYTHING possible in the POST-BREACH!

Walt