March 29, 2006 4:00 AM PST
Suffering in silence with data leaks
(continued from previous page)
"Disclosure shall be made in the most expedient time possible and without unreasonable delay," the law reads.
But New York may have to yield to federal regulation that offers consumers even fewer rights to demand notification about data leaks, should legislation being considered by Congress become law, said Rep. Barney Frank, the senior Democrat on the House financial services committee.
Some of the bills under consideration would give companies greater latitude in deciding when to report the loss of customer information, and would also restrict the right of consumers to freeze their bank accounts should their personal details be stolen, Frank said.
"The whole thing is ridiculous," said Frank, who argues that states should be allowed to set their own disclosure laws. "Not exposing these companies violates every good conservative principle of law enforcement, which says that the person who does the wrong is the one who must pay the price."
Certainly, some merchants have spoken up about losing customer data. Wal-Mart Stores issued a press release after thieves obtained personal information from an undisclosed number of Sam's Club customers in October.
But when other companies hesitate to inform customers, they are only helping cyberbandits, argues CardCops.com's Clements, who has been involved in exposing more than 500 illegal digital intrusions. Time is of the essence when it comes to catching thieves and minimizing the damage to consumers, he said.
"Keeping a data theft under wraps only increases the chance for hackers to steal a consumer's identity," Clements said. "The longer you wait, the more time you give hackers to work. If people are informed, they at least have a chance to protect themselves."
Hours before a reporter informed Perry on Feb. 17 that her card was for sale on the Web, she received a call from Visa informing her that it had flagged several suspicious charges. She confirmed that the charges were indeed unauthorized.
The hacker who stole her information has a reputation for dealing in "cherry cards," meaning his card information is usually valid and valuable. That thieves can so brazenly sell such data is troubling to many, given that only about 17 percent of the country's largest 230 merchants meet security standards required by the major credit card companies, according to Visa.
"The whole thing made me feel very vulnerable," said Perry, who put a 90-day hold on her credit to help thwart any attempts to steal her identity. "Before I go shopping again, I'm going to look for a security symbol, something that tells me the site's security has been approved."
16 commentsJoin the conversation! Add your comment