| ▲ | briffle a day ago |
| Equifax: In September of 2017, Equifax announced a data breach that exposed the personal information of 147 million people. The company has agreed to a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories. The settlement includes up to $425 million to help people affected by the data breach. Apparently, your personal information is worth about $2.90. |
|
| ▲ | gruez a day ago | parent | next [-] |
| >Equifax: In September of 2017, Equifax announced a data breach that exposed the personal information of 147 million people. The company has agreed to a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories. The settlement includes up to $425 million to help people affected by the data breach. How much money did they make from the breach though? The argument made by the gp was that the fines were "pocket change compared to the piles of cash they made while ignoring those regulations.". According to FTC's press release, they were fined at least $575M for "failure to take reasonable steps to secure its network". How much do you think did you think equifax saved by skimping on security? Probably not $575M. They got pwned by an outdated third party library. There's no way keeping your libraries up to date is going to cost anywhere near that amount. |
| |
| ▲ | tecleandor 21 hours ago | parent | next [-] | | Fines should be higher than the cost avoided, or companies would just avoid the cost until get caught. Also, it's not only about the cost avoided, but about the damage to the people while you were doing that. If you're making money moving logging trucks, you skimp 50 dollars per trip in some straps to fix the load, and then a couple logs fall, run over a car, and almost kill a bunch of people, I'm not expecting you to pay just for the 50 dollars and the car repair. | | |
| ▲ | gruez 20 hours ago | parent [-] | | >Fines should be higher than the cost avoided, or companies would just avoid the cost until get caught. Again, how much do you think Equifax saved from skimping on security? Sure, spending $575M would have prevented the hack, but how much did they have to spend to be considered not negligent? | | |
| ▲ | harimau777 18 hours ago | parent | next [-] | | Enough to keep it from happening or enough to make whole everyone who was injured. | |
| ▲ | tecleandor 10 hours ago | parent | prev [-] | | Again, it's not about what is saved, it's about what it caused. If they can't expend a bit extra to avoid damage to millions of persons, maybe they shouldn't be in that business. |
|
| |
| ▲ | nzeid 20 hours ago | parent | prev [-] | | > How much do you think did you think equifax saved by skimping on security? Probably not $575M. They got pwned by an outdated third party library. There's no way keeping your libraries up to date is going to cost anywhere near that amount. I took their post to mean that the $2.90 figure included damages. In your words, how much will the ensuing fraud, identity theft, and spam cost me? | | |
| ▲ | gruez 20 hours ago | parent [-] | | Yes, but you're moving the goalposts. The original argument was essentially that crime pays, because you'll only get fined a fraction of what you saved/made. |
|
|
|
| ▲ | justinclift 20 hours ago | parent | prev [-] |
| And they're still in business too. :( |
