We hear about data breaches all the time. It is happening left and right because companies are not willing to put in the effort that is needed. It costs too much… it eats into the profit that they are so happy to gobble up.
You know what? Fuck them! Oh sure, they get bad press: oh my, look, XYZ got hacked and there goes our data.
What happens to them? Not much. They cash in their data breach insurance and pay for the victims to have a year or two of credit protection. Pop-Flippen-Whistle. My data has been stolen a few times that I know of. Thankfully, so far, fake identities have not been taken out using the data.
I am a military vet; China stole my shit years ago.
If you want to start applying pressure to these companies, make it hurt a bit.
Let’s say that the victim of the data loss is seeing this for the first time. Okay, give them credit protection. If they already have credit protection, then PAY them a fair amount for their a) exposure, b) the vendor’s negligence, and c) the mental anguish that this may cause. Now if there are actual damages incurred, say from a fake account being opened, the negligent vendor gets to pay for ALL of it.
I am a cyber security professional, and I take this work seriously. I have been helping people learn cyber security for over a decade.
Companies will not take this stuff seriously until either they get more than a wrist slap or people start going to prison. The first step: make it hurt their wallet, bonus, golden parachutes, etc.