Where are the criminal penalties for reckless security lapses. The hoarding of data should come with legal risk. Penalties shoudl increase for the risk they trafer to the public by abdicating that responsibility, and delaying the public announcement.
Right now it seems nothing. And if the people responsible for this breach, get away with it then why wouldn’t anyone else? This is about as bad as it gets in terms of the data that was accessed and how many people it affects. Most people who are included in this breach, have never heard of this company and are only now receiving letters in the mail about it. Those letters won’t say what data was taken, and as far as I know United/Change refused to provide this information to individuals. All it does is offer free credit monitoring.
> Where are the criminal penalties for reckless security lapses.
For criminal fines to send a worthwhile message, they'd need to 1) be of a worthwhile amount and 2) equal a reduction in investor returns + executive payouts.
Without that, the people in a position to make changes are soundly insulated from their consequences.
> The stolen data varies by individual, but Change previously confirmed that it includes personal information, such as names and addresses, dates of birth, phone numbers and email addresses, and government identity documents, including Social Security numbers, driver’s license numbers, and passport numbers. The stolen health data includes diagnoses, medications, test results, imaging and care and treatment plans, and health insurance information — as well as financial and banking information found in claims and payment data taken by the criminals.
Note that this breach became public in February and they’re admitting the scope of affected Americans only now. United/Change won’t tell individuals what info about them was compromised. They’re hoping they can just get away with offering credit monitoring, when they should be compensating every individual and expecting to end up in prison.
Discussion (73 points, 4 days ago, 36 comments) https://news.ycombinator.com/item?id=41942103
Where are the criminal penalties for reckless security lapses. The hoarding of data should come with legal risk. Penalties shoudl increase for the risk they trafer to the public by abdicating that responsibility, and delaying the public announcement.
Right now it seems nothing. And if the people responsible for this breach, get away with it then why wouldn’t anyone else? This is about as bad as it gets in terms of the data that was accessed and how many people it affects. Most people who are included in this breach, have never heard of this company and are only now receiving letters in the mail about it. Those letters won’t say what data was taken, and as far as I know United/Change refused to provide this information to individuals. All it does is offer free credit monitoring.
> Where are the criminal penalties for reckless security lapses.
For criminal fines to send a worthwhile message, they'd need to 1) be of a worthwhile amount and 2) equal a reduction in investor returns + executive payouts.
Without that, the people in a position to make changes are soundly insulated from their consequences.
> The stolen data varies by individual, but Change previously confirmed that it includes personal information, such as names and addresses, dates of birth, phone numbers and email addresses, and government identity documents, including Social Security numbers, driver’s license numbers, and passport numbers. The stolen health data includes diagnoses, medications, test results, imaging and care and treatment plans, and health insurance information — as well as financial and banking information found in claims and payment data taken by the criminals.
Note that this breach became public in February and they’re admitting the scope of affected Americans only now. United/Change won’t tell individuals what info about them was compromised. They’re hoping they can just get away with offering credit monitoring, when they should be compensating every individual and expecting to end up in prison.