Personally I wouldn't have trusted them with a name like that to start with.
A company that develops and supports software for handling consumer reports and background checks says it was hacked by a miscreant who made off with thousands of people's information. Imag-I-Nation Technologies (not to be confused with the graphics chip designer of the same name) said that in November of last year, someone …
"We have also reviewed our internal data management and protocols and have implemented enhanced security measures to help prevent this type of incident from recurring."
Show me your last review, the one before that and the one prior to that too. Don't have them? then these security measures will be worthless in 12 months anyway, what's the point?
Mine is different, we have the staff but they aren't in protected posts, they have to cover tons of other non-information/cyber security related matters which could all be done by someone earning far less. But that would cost money, so to hell with that let's just have lower standards..
"...it was not aware of anyone selling or misusing the pilfered information"
Well they didn't notice someone breaching their system so the chance of them 'being aware' of anything is slim. It's quite galling when this line is trotted out, as though them being aware makes any difference whatsoever to whether someone is at risk of their information being abused. You can assume that if someone went to the trouble of hacking their systems and gaining some extremely valuable data then it already has been misused and it is likely to be misused further - why wouldn't it.
That's not blackface — that's just a ski mask (to keep the face warm on a sub-zero [Fahrenheit] ski slope), like bank or jewelry store robbers sometimes wear to hide their identity. Sometimes they use a stocking, but stockings are not as effective and they probably reduce your vision considerably.
...was accessed some time around November 1 and the intrusion was discovered and locked down on November 14.
They locked themselves down the very day it was discovered, but the peoples' exposure and needed remediation couldn't be shared for 90 days.
Your situation was never a priority, just the hassle of an overdue obituary.
How did this company obtain the information they failed to secure, who certified that this company was competent to deal with personal data.
Most banks and many others in the UK insist upon passing their customer's personal information to these credit report people even when no credit is involve
Personally I would make the agency yyou passed the data to responsible for any losses and in the case of more than one company being involved then all must take the responsibility for "oops we did it again, expect some identity theft in the future"
Really? Do you not read your own local news?
American's understand you having an inferiority complex--giving you the need to bash something else to make you feel big and mighty (especially on the Internet); however, at least have the brains to think about it for 30 seconds beforehand... to keep your own shoe from flying towards your mouth.
After the innumerable such breaches, why aren't there large civil and painful criminal penalties for failure to adequately secure such data? There should be an expectation of "best practices" when dealing with such data. If you can't afford to do it, then you are in the wrong business.
Why is the data even on the Internet continuously? The server on which the data resides could be kept offline except during periods when data transfers occur. All data on the server should be fully encrypted, not just hashed. The public should be outraged every time this happens. There's no longer any excuse.
Biting the hand that feeds IT © 1998–2020