Is It Illegal To Get Hacked?
from the define-reasonable-procedures dept
Tower Records and the FTC have apparently reached a settlement after the FTC accused the company of allowing hackers to access customer records. This brings up a very interesting question that isn't often discussed. Since hack attacks to get at customer data happen all the time, how does anyone determine whether or not the company itself is negligent in not protecting the data? At what point is it negligence rather than just being vulnerable? If the standard is set too low, then companies have less incentive to protect their data (though pissed-off customers may provide that incentive). However, blaming the victim for being hacked seems to present a lot of slippery-slope-style questions.
Reader Comments
BJ's Club
Mike,
My parents just went through a lot of crap getting debit & credit cards replaced because of the recent BJ's club fiasco.
I've provided this link because we are from Pennsylvania, for those not aware of the theft of data that occurred with this merchant.
http://www.philly.com/mld/inquirer/2004/03/31/business/8315762.htm?1c
Businesses that do not adequately secure their data are responsible. Period. It is no different than an unethical Dr. that would not keep patient records confidential. Frankly, I still do not understand why BJ's club had their CC & debit card #'s on record in the first place. I would imagine that the only thing that should be in their compromised database in the first place is the member names, addresses & an account # that BJ's can use for THEIR records. It really shouldn't matter in what form the members choose to pay for their purchases & I would like to see laws that would make it illegal for institutions to keep YOUR CC & debit #'s on THEIR databases unless you specifically allow them to do so. Systems should be set up to delete financial information once the transaction is completed.
Can someone give me a good explanation of why BJ's might have kept my parents' CC & debit card #'s to begin with? I would honestly like to know so I have a better scope of this.