[Full-disclosure] Re: choice-point screw-up and secure hashes
Vincent van Scherpenseel
mailinglists at vanscherpenseel.nl
Sat Mar 19 11:25:01 GMT 2005
On Saturday 19 March 2005 09:36, Kurt Seifried wrote:
> The sad part is there is NO (Zero, Nada, Zilch) incentive for companies to
> treat this data securely. Information for a hundred thousand people is
> stolen. So what? The company is not criminally liable in any way (I haven't
> heard of any laws yet). Civilly they're barely liable either. It'll be more
> of the same until we have laws with penalties for allowing theft of
> customer data. To bad insurance won't work, when a physical item is stolen
> it costs money to get a new one, and insurance companies won't pay out
> unless you took due care/diligence, OTOH if you steal all the electronic
> data (and even erase it) a company just restores from a backup and goes on
> with life.
Don't forget that it's bad for the company's image to have confidential
customer data stolen. As soon as the press catches on it's bad for business.
So, companies *do* have a drive to secure your private data.
- Vincent van Scherpenseel
Full-Disclosure is hosted and sponsored by Secunia.