Breaches Exposed 22.8 Million Personal Records of New Yorkers 41
An anonymous reader writes Attorney General Eric T. Schneiderman issued a new report examining the growing number, complexity, and costs of data breaches in the New York State. The report reveals that the number of reported data security breaches in New York more than tripled between 2006 and 2013. In that same period, 22.8 million personal records of New Yorkers have been exposed in nearly 5,000 data breaches, which have cost the public and private sectors in New York upward of $1.37 billion in 2013. The demand on secondary markets for stolen information remains robust. Freshly acquired stolen credit card numbers can fetch up to $45 per record, while other types of personal information, such as Social Security numbers and online account information, can command even higher prices.
Re: (Score:3)
It stopped being our state a long time ago.
Re: (Score:3)
This is also the state where the Commissioner of Education, John King, had a talk about New York's implementation of Common Core. The talk was overrun with parents who had issues with the implementation specifically (and some with Common Core in general). There were a lot of questions they wanted to ask and a lot of answers they wanted to get. Instead, King cut the meeting short, cancelled the rest of his tour, and said that "special interest groups" were to blame. (Parents are apparently now a special
Re: (Score:2)
Re: (Score:2)
Yup. I usually vote for the Democrat candidates, but I won't vote for him again. The problem is that I don't like the Republican candidates either. So I'll likely vote for a third party candidate. I know they won't have a realistic chance of winning the election, but it will be a protest vote. If enough people protest by voting third party, maybe the two major parties will pay attention.
Re: (Score:2)
And the population of New York State is....19,651,127 (2013 est).
Anyone who wants to have even more centralized data storage of personal, private information just doesn't care about data security.
Data is Unsecurable (Score:5, Insightful)
Perhaps it's time for companies to realise that they cannot keep data secure. That they will never be able to build, much less be willing to pay for, the security required to keep this information under any kind of seal.
Perhaps it's time for companies to ask themselves: "Do we really need to store this?".
Re: (Score:2)
Where I live, the security agency was on telly tonight calling for greater hacking powers and data retention.
(The Terrorism card)
Why spy on your own citizens when the information is, seemingly, freely available online?
Re: (Score:3)
This was one big reason why, when New York said they were going to upload students' data into the Bill Gates Foundation's InBloom system, I was opposed. The data (including some very personal info like medical diagnoses) would have been upload to an Amazon cloud drive. As if "cloud drives" are never hackable.
(The other reason I was opposed was that lawmakers specifically made an exception to the data sharing laws so that data could be uploaded to InBloom whether or not parents wanted it uploaded. Not onl
Re: (Score:3)
Perhaps it's time for companies to realise that they cannot keep data secure. That they will never be able to build, much less be willing to pay for, the security required to keep this information under any kind of seal.
Perhaps it's time for companies to ask themselves: "Do we really need to store this?".
It's beyond that... as you said, data is unsecurable even if they don't store it. So why is it possible for someone from eastern Europe that doesn't even speak English to charge something in my name and have it shipped overseas with nothing more than the info on my Visa card?
This is entirely the fault of Visa/Mastercard and other credit agencies. They should be eating the costs of this fraud wholesale. They could end it tomorrow but in the name of getting us as far in debt to them as possible, they've throw
Sue, sue sue ... (Score:1)
Perhaps it's time for some litigation. These breaches should fall into an area similar to product liability where the cost of shoddy work is expensive.
Simple solution: Make those responsible pay (Score:2)
Say, full damage caused, including $100 per hour the person affected had to spent clearing this up, with at least 10h assumed and no need to prove anything for them. With that, companies might just start to care about the security of customer data. Currently, they basically have no incentives to spend any money on secure coding, security reviews and the like.
Re: (Score:2)
The problem is what happens when it's a government breach? Have taxpayers fine themselves?
Re: (Score:2)
That would require some form of privacy legislation.
And I have my doubts about the willingness of lawmakers to do that.
Not the least of which because it would limit the ability of companies to make use of your private data, put the onus on them to be competent at data security, and actually bear some responsibility.
We couldn't possibly curtail what companies do for profit.
There are barely any laws about what they're allowed to store, and what they're allowed to do with it. Nobody is going to pass laws maki
Simplest Solution (Score:1)
Make debt the responsibility of the lender.
Re: (Score:1)
Make debt the responsibility of the lender.
Care to elaborate?
Are you asking for the definitions of the words "make", "debt", and so on? I did not find the sentence particularly confusing.
Re: (Score:2)
We assumed it to be confusing because we wanted to assume you knew what you meant but just didn't get the point across well
No, you did not understand the point, which was so simple that any idiot should be able to understand it. Apparently, I did not aim sufficiently low for my audience.
If you have a specific objection, then make it. Otherwise, admit that your entire argument is "that's stupid", which is no argument at all. Instead of argument, you are relying upon moderation to suppress mine. That's because you don't have an argument. If you had, you'd have used it.
Re: (Score:1)
Why, when it's so much more profitable to "securitize" it and sell it off to other people as if it had value?
Making companies take on their own liability sounds un-American.
Re: (Score:2)
Make debt the responsibility of the lender.
In Islamic countries, it's illegal to earn money off debt, and their civilization is growing. It's a perfectly functional way to operate. I went looking for an Islamic bank myself, but there weren't any close enough for me to do business with them.
Re: (Score:2)
I won't be looking at an Islamic country as an example of a "perfectly functional way to operate." I like my freedom, thanks.
Whatever you say, debt slave.
Re: (Score:2)
It's actually 'Breeches' and now we finally know Step 2.
Years ago, when static electricity was bad news for computers, I had the idea for a "data processing shoe" that would have a little conductive ribbon that would drag along the floor and ground out static electricity. Such a thing is of course no longer needed, but given the apparent popularity of data breeches these days maybe the concept could be resurrected as a fashion statement.
Sell your own data... (Score:2)
Companies have proved they do not care about your data and are willing to essentially give it away via breaches. And *nothing* is ever done about preventing identity theft, because the burden of fixing it is up to the individual, not the credit card issuer, and not the large faceless corporation that saved $20 on security software, but let the hackers in to take your identity in the first place.
They then promise to fix the problem, but then never do. And government looks the other way because they are in th
post-privacy world (Score:2)
isn't time we just ditch the fiction that privacy as we knew it in the 20th century is gone forever and accept that everything we do and say on any digital medium will be collected?
sheesh...yes I get it already...databases compromised, hacked, sold...NSA spying, collecting...
good lord how many times do we need to be wack-a-moled before we just stop caring?
Largely irrelvant because of costs and intent (Score:1)
The costs of attempting to BE compliant to these vague horrible laws is far higher than the cost of losing control over something. This is why HIPAA is a huge waste of time and effort. It costs millions to 'comply' with the law but the downside is near zero because, and this is important
YOU HAVE TO PROVE INTENT
So any law is going to be ineffectual on its face when it looks only at intent. And specifically, the intent to profit from it. Target didn't intend to break something. They goofed up. So the law does
This is why warrantless spying is a great idea! (Score:1)
Look at the bright side.... (Score:2)
When the money gets stolen, its insured by the government that just prints some more, and paper grows on trees!
Finally we have found a growth industry with real American entrepreneurship that is compatible with current fiscal policy. We can re-hypothecate futures on funny money stolen by criminals that aren't bank executives! Its a new system of cheques and balances