The USA has no such laws! It’s a corporate free for all.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Major 'National Public Data' Leak Worse Than Expected With Passwords Stored in Plain Text
- Thread starter MacRumors
- Start date
- Sort by reaction score
Yea, it’s bad. The majority of the people I know have had their SSN & addresses exposed. Could you imagine what these terrible actors will do once AI is fully harnessed??
No, I understood that part, I even said it in my comments. What I don't understand is how the people storing their passwords in plain texts, etc. made the hack WORSE than initially thought, rather than just explaining HOW the hacked happened.
Like you, I also stay offline and avoid online accounts, forums, etc.
Most people’s SS numbers have been on the dark web for years. If you are not locking your credit reports, you are just asking to have your identity stolen.
it always amazes me that in the US the victim of fraud is liable, if the perpetrator manages to convince a bank/company to give them credit in the name of the victim, because the victim didn’t „freeze“ their credit.
„freezing“ credit isn’t even a thing in most of the world. in the EU and many other sane democracies its always the company/bank thats liable for giving the wrong person money/credit if there was no negligence on the part of the victim.
freezing credit is an invention of US banks/companies to get out of their liability and be able to blame the victim.
„freezing“ credit isn’t even a thing in most of the world. in the EU and many other sane democracies its always the company/bank thats liable for giving the wrong person money/credit if there was no negligence on the part of the victim.
freezing credit is an invention of US banks/companies to get out of their liability and be able to blame the victim.
Good luck with that but this info had nothing to do wth using the internet. This company does background checks.
Board members and company officers should face prison time for these events. Until this happens, nobody will effectively prepare, and we will all suffer.
You most likley still have to prove you didn't get the money and that is were the trouble starts in the US. The issue is there shouldn't be simple a number used to identify someone in 2024.
no, in most countries the bank has to prove that it gave the money to the right person. they are required to have the receipts and the signatures and the IDs, etc. and if the banks do their due diligence perfectly, then fraud is almost impossible anyway.
EU goes a step further: banks are required to inform customers about fraud schemes that the bank knows about. if the banks don’t do this, then the banks may even be liable if the victim is tricked into giving the fraudster access to their account themselves. thats consumer protection.
Last edited:
The problem is many of these companies factor in data breaches as the cost of doing business. The fines and lawsuits end up being a slap on the wrist. My suggestion is have it so any company that knowingly has minimal security to protect consumer data, should lose the ability to conduct business for a minimum of one year. My bet is that they would start caring much more when a year of profitability is a stake.
This is the only way. This wasn't even a big company, this was basically one guy. He did it because he knew it was profitable and he knew he could and he knew that the downsides were basically zero.
We'll see if anything actually happens. Without consistent privacy laws in the US, I doubt anything will.
What's really crazy, if this was a HIPPA violation, this guy would be in jail for a trillion years and owe infinite dollars.
I guess it's like that old quote. One privacy violation is a crime, a billion privacy violations is a statistic.
Yeah not buying it. Credit card fraud happens in every part of the world.
The total value of fraudulent transactions using cards issued within SEPA[3]and acquired worldwide[4] amounted to €1.87 billion in 2019. For cards issued in the euro area only, the total value of fraudulent card transactions amounted to €1.03 billion.
Seventh report on card fraud
The European Central Bank (ECB) is the central bank of the European Union countries which have adopted the euro. Our main task is to maintain price stability in the euro area and so preserve the purchasing power of the single currency.
I assume you were just having fun with our comments. It would be obvious to anyone that they were made ironically, since we were using the internet to say that we don't use the internet.
Good thing I locked down all of my credit right after the Equifax breach. I lifted it once - at only one credit reporting company for about 15 min when I bought a car. Then I promptly locked it down again. I advise everyone else to do the same. This should be a minimum because there’s clearly no one in the U.S. looking out for consumers.
You joke but even it that was true, you’d only be keeping the information from yourself. Your personal data would still be stored in a way that it can be accessed on the internet. It’s a brave, new world.
While everyone is obsessing about the companies (who clearly messed up) the hackers should be found and executed. And we need to make it so our social security numbers are not sought after by making them have a PIN number or some other security. To many people want them…from illegals to people trying to make fake accounts to get money everyone wants the SSN. Punish the companies but we need harsher penalties on the thieves and those who use them illegally.
Yep.. Got it stolen one too many times so now its all locked down all the time.
Unfortunately these companies just call paying millions a tax deductible cost of doing business. They need to be providing each person potentially affected free credit monitoring from a reputable vendor and an amount to each person. Along with their leadership being criminally charged and replaced.
A breach of this magnitude should be a company sinking event so that other companies will take notice and fix their stuff.
Well, I mean, it is called National Public Data.
Don’t forget that there is still so much more that can be done with your stollen information than just credit reports.
There’s still
tax fraud,
opening a number of financial account types (which can be used for money laundering, etc.)
setting up bills/utilities,
identity theft,
draining current accounts,
utility fraud
subprime loans,
apartment rentals
Doctor's/Dentist visits
and so much more.
It is ridiculous that we don’t have more security around our Social SECURITY number. It is a joke that library cards are actually a better more secure form of identity than an SSN.
I have worked with/for fraud departments, information security, and other groups around this topic for 20+ years and I can definitively say SSNs are terrible and abused is so many ways that we could write a massive book about it.
We need in the US a biometric info attached to the SS. My european ID number is worthless to anyone but me, because my biometric data is attached to it, thus rendering it useless unless you are my exact twin with my exact fingerprints. But we all know is not going to happen here in the US because then how the politicians will be playing with our votes?
Give up on anything related to security for the online world. Every company/site with any information will get hacked in the next few years (most already have). Live with the daily risk and pray your retirement funds aren't taken.