Corporate Data Breach Liability
This cluster focuses on calls for holding companies accountable for data breaches through fines, lawsuits, and regulations due to negligence in securing user data like PII. Commenters criticize minimal current consequences and advocate for stronger incentives to improve security practices.
Sample Comments
Make company liable for damages when breached. If you want companies to care about security then you need to make it affect their bottom line. This wasn't the work of some super hacker. They literally just posted the info in public.
I would assume the companies working on those accounts care more about security than the company working for average citizens. They can actually go out of business and see consequences after being hacked as opposed to, say, Experian.
Which implies that the company is negligent in hoarding the data in the first place. If you admit that there is no effective security for sensitive data, you admit that holding the sensitive data in the first place is negligent. Create real sanctions for the loss of the data, follow through on them, and then companies will do better. Mind you, Snowflake is the problem here, not AT&T, if it was their leak. AT&T is big enough that no meaningful sanctions will fall on them. It's not
Start fining companies when user data is lost. News would report on companies getting fined for shitty security practices, which also makes it clear that the problem isn't hackers. Plus companies have an incentive to spend money on securing their data.
Shouldn't companies be penalized for exposing their users' private data?
Think of it like a class action lawsuit on behalf of investors. Instead of entrusting their savings to a company, people are entrusting them with their personal information. If there is gross negligence on part of the company leading to that data being leaked then all of the people whose data was stolen should be able to claim monetary damages. If a legal precedent is established so that these claims can be pursued whenever this happens it should provide enough motivation for these companies to
In my opinion, this is a symptom of weak/ineffective regulation in the personal information space. The consequences for data breaches to the guilty parties have been minimal at best. Meanwhile responsibility for fraud has been pushed onto individuals via concepts like "identity theft". Even if the company in question was indeed reputable and well-known, most people don't have the technical expertise to evaluate any claims about security or privacy. Who would take that risk kn
Maybe not a popular take but this is kind of a victimless crime. They mishandled private data but so did Experian (for example) and she never had a breach! On all the other charges I'd argue the tech companies' poor security processes were by design because it generated more revenue.
Strongly agree. We've already seen shades of this in banking. After chips were added to credit cards, people started having their chargebacks denied because "our records show the card was physically present" (even if the charge originated in another country). How long until companies try to deny responsibility for data leaks because "our records show Windows was fully up-to-date and secure"?
This is what you get for giving corporations PII they don't actually need.