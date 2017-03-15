

 


Millions of records from a commercial corporate database have been leaked. ZDNet reports: The database, about 52 gigabytes in size, contains just under 33.7 million unique email addresses and other contact information from employees of thousands of companies, representing a large portion of the US corporate population. Dun & Bradstreet, a business services giant, confirmed that it owns the database, which it acquired as part of a 2015 deal to buy NetProspex for $125 million. The purchased database contains dozens of fields, some including personal information such as names, job titles and functions, work email addresses, and phone numbers. Other information includes more generic corporate and publicly sourced data, such as believed office location, the number of employees in the business unit, and other descriptions of the kind of industry the company falls into, such as advertising, legal, media and broadcasting, and telecoms.

  • $1 penalty per leaked / stolen record, imposed by the FTC/SEC/SSA/CFPB, will quickly remedy this problem. As long as the value of private personal information is intangible, the value it will be assigned in companies' risk assessments and capital plans is $0.

    But I guess that would be a burdensome regulation under our new regime.
    • Personally I would like it to be $10 per record paid to the person who the record is on. If the record contained some critical info like SSN or last 4 digits of SSN then make it $1000 per record. Granted those values don't actually cover the cost of the impacted individual in dealing with these situations (hey we leaked your SSN, mother's maiden name, and first pet's name so now you get to deal with fraud committed by others for the rest of your fucking life) but it would go a long way to ensuring that compa
  • Wonder if it will drive down the price of marketing data from other firms knowing that there is a set of data out there. It will go out of date eventually, but even old data can be good for updating.

  • "...more generic corporate and publicly sourced data, such as believed office location, the number of employees in the business unit, and other descriptions of the kind of industry the company falls into, such as advertising, legal, media and broadcasting, and telecoms."

    The word you're looking for is 'client list'. (damn, that's 2 words)

  • Just remember; focus on the 'scary hackers' side of the story; not the 'the data were already aggregated and available, and presumably in use, well before the leak occurred' aspect.

    As long as giant databases remain in respectable hands, no harm can come of them; so just worry about whether it was a nation-state actor or an 'advanced persistent threat'. Nothing else to see here.

