So I got a notice from Ticketmaster that my identity was accessed by an intruder and my name, contact info and /encrypted/ payment info was compromised. These notices are more and more common. Why aren’t companies accountable for damages when they fail to protect all the myriad data they collect on people without consent? I never asked them to store these things…
I’ve come to the conclusion that all these breach notices and the free stuff they offer for X months is a huge scam to get you sign up up for something. Either that, or every company has woefully underpaid/incompetent IT people. I’m waiting for the next news story to break on another company that somehow got passwords or identity info hacked that was stored in plain text…something I learned how to not do back in the 90s with basic HTML and PHP.
In short - I don’t believe them. They all are using the same form letters, it’s a scheme that they’re all in on.
It’s this one. Cox Communications, one of the largest telecommunications companies in the US with $11 billion in revenue, recently patched a bug on their self-serve portal that allowed anyone to access any customer’s profile. The bug was that server requests weren’t being authenticated. If you entered the right info into the URL bar you’d be given a page with anyone’s customer info. No login needed.
That’s comically bad.
You can not believe them all you want. It doesn’t magically make everyone competent.
Businesses value MONEY first, not security, not happy customers, not competent staff. MONEY.
Which is cheaper? Get a product working enough to sell. Get a product properly developed, secured, and audited.
Pick one. Hint: corporations choose MONEY. Every time.
Your data is not safe, because rich pieces of shit like MONEY more than they like YOU.