“it’s not known whether the leak came from within the company or one of its vendors.”
Isn’t it time that big tech companies and their sale of private data get regulated? I see a giant class-action lawsuit in the making here.
This is regulated. And there are penalties for violating those regulations. But it’s just not enough. Even a class action lawsuit won’t help the victims. Most of that money goes to lawyers.
Honestly, I don’t expect any of it to change until the penalties are so severe that major companies go under. Aka a corporate death penalty (which the US used to have). But even then, good software security is extremely hard. Almost everyone screws up something.
It is. The third-party doctrine is a United States legal doctrine that holds that people who voluntarily give information to third parties—such as banks, phone companies, internet service providers (ISPs), and e-mail servers—have “no reasonable expectation of privacy” in that information. Source
Social Security numbers should really not be considered secret data. Too many places have leaked them.
Maybe – maybe – they’re okay for uniquely-identifying someone, but they’re a really bad way to authenticate someone.
I mean, this breach alone – if these are Americans – is something like 20% of the US population.
You can’t rely on something as authentication data if 20% of the population has irrevocable credentials that are floating around.