Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: choice-point screw-up and secure hashes

From: Vincent van Scherpenseel <mailinglists () vanscherpenseel nl>
Date: Sat, 19 Mar 2005 12:25:01 +0100
On Saturday 19 March 2005 09:36, Kurt Seifried wrote:


The sad part is there is NO (Zero, Nada, Zilch) incentive for companies to
treat this data securely. Information for a hundred thousand people is
stolen. So what? The company is not criminally liable in any way (I haven't
heard of any laws yet). Civilly they're barely liable either. It'll be more
of the same until we have laws with penalties for allowing theft of
customer data. To bad insurance won't work, when a physical item is stolen
it costs money to get a new one, and insurance companies won't pay out
unless you took due care/diligence, OTOH if you steal all the electronic
data (and even erase it) a company just restores from a backup and goes on
with life.


Don't forget that it's bad for the company's image to have confidential 
customer data stolen. As soon as the press catches on it's bad for business. 
So, companies *do* have a drive to secure your private data.

 - Vincent van Scherpenseel

-- 
http://vincent.vanscherpenseel.nl/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: