[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Re: choice-point screw-up and secure hashes
- To: Full-Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Re: choice-point screw-up and secure hashes
- From: Vincent van Scherpenseel <mailinglists@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 19 Mar 2005 12:25:01 +0100
On Saturday 19 March 2005 09:36, Kurt Seifried wrote:
> The sad part is there is NO (Zero, Nada, Zilch) incentive for companies to
> treat this data securely. Information for a hundred thousand people is
> stolen. So what? The company is not criminally liable in any way (I haven't
> heard of any laws yet). Civilly they're barely liable either. It'll be more
> of the same until we have laws with penalties for allowing theft of
> customer data. To bad insurance won't work, when a physical item is stolen
> it costs money to get a new one, and insurance companies won't pay out
> unless you took due care/diligence, OTOH if you steal all the electronic
> data (and even erase it) a company just restores from a backup and goes on
> with life.
Don't forget that it's bad for the company's image to have confidential
customer data stolen. As soon as the press catches on it's bad for business.
So, companies *do* have a drive to secure your private data.
- Vincent van Scherpenseel
--
http://vincent.vanscherpenseel.nl/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/