Capital One's Breach Was Inevitable, Because We Did Nothing After Equifax (techcrunch.com) 165
An anonymous reader shares a report: Another day, another massive data breach. This time it's the financial giant and credit card issuer Capital One, which revealed on Monday a credit file breach affecting 100 million Americans and 6 million Canadians. Sound familiar? It should. Just last week, credit rating giant Equifax settled for more than $575 million over a date breach it had -- and hid from the public for several months -- two years prior. Why should we be surprised? Equifax faced zero fallout until its eventual fine. All talk, much bluster, but otherwise little action. Equifax's chief executive Richard Smith "retired" before he was fired, allowing him to keep his substantial pension packet. Lawmakers grilled the company but nothing happened.
An investigation launched by the former head of the Consumer Financial Protection Bureau, the governmental body responsible for protecting consumers from fraud, declined to pursue the company. The FTC took its sweet time to issue its fine -- which amounted to about 20% of the company's annual revenue for 2018. For one of the most damaging breaches to the U.S. population since the breach of classified vetting files at the Office of Personnel Management in 2015, Equifax got off lightly. Legislatively, nothing has changed. Equifax remains as much of a "victim" in the eyes of the law as it was before -- technically, but much to the ire of the millions affected who were forced to freeze their credit as a result.
An investigation launched by the former head of the Consumer Financial Protection Bureau, the governmental body responsible for protecting consumers from fraud, declined to pursue the company. The FTC took its sweet time to issue its fine -- which amounted to about 20% of the company's annual revenue for 2018. For one of the most damaging breaches to the U.S. population since the breach of classified vetting files at the Office of Personnel Management in 2015, Equifax got off lightly. Legislatively, nothing has changed. Equifax remains as much of a "victim" in the eyes of the law as it was before -- technically, but much to the ire of the millions affected who were forced to freeze their credit as a result.
We are getting what we deserve (Score:2)
Humanity is getting what it deserves for its complacency. I'm beyond being enraged or feeling sorry for anybody.
I'm just stocking up on ammo, just in case.
Re:We are getting what we deserve (Score:5, Insightful)
The problem isn't complacency, it is being cheap and short sighted.
There seems to be little effort put into long term strategies. Be it Infrastructure Investment from our government, Companies putting money into increasing their IT security, Making sure their technology and processes follow more energy efficient methods.
Capital One will probably get a fine, that will cost less then what it will take for them to actually fix the problem, so they will do nothing, besides the bare minimum. Unless this changes, these breaches will only get worse.
Re:We are getting what we deserve (Score:5, Insightful)
The problem isn't being Cheap or Short Sighted. Not at all. The current laws making consumers responsible for their stolen ID caused by this shit is 100% calculated and can be 100% prevented with a simple change.
Make the people responsible for ID Theft, those that have allowed the theft of the ID, those that are issuing credit based on stolen ID, responsible for the losses. That change, would solve a great deal amount of the problem.
Given that just about everyone has had their identity stolen at this point, the people issuing credit have to be held accountable. The info has already escaped containment. There is no putting the maladies back into Pandora's Box.
Re: We are getting what we deserve (Score:1)
The problem is how much 'value' a criminal gets from a stolen ID. The solution is much more oversight while granting credit. The 'easy credit' industry thrives on people being given credit cards right at the checkstand at a store. Having a few bits of personal data, like a "secret code" SSN, should never be enough to set up a credit account. The SSN was never intended to be used as that.
Re: (Score:3)
And how exactly are we supposed to determine where the identity thief got the information they're using to open credit in someone else's name?
And how is a creditor supposed to be able to confirm that a person applying electronically, who has every possible piece of information about someone to supply, is actually that person - without going back to taking our horses and buggies to the bank to apply in person?
The creditors and credit bureaus need to have security standards imposed on them since they can't, w
Re: (Score:2)
And how is a creditor supposed to be able to confirm that a person applying electronically, who has every possible piece of information about someone to supply, is actually that person
The problem is you don't need all that much information on someone to open a line of credit. Name, Social Security Number, Date of Birth, and address are generally enough. The problem is a large swath of that information is essentially public information at this point, and all of it is impossible or very difficult to change. This is a problem we solved decades ago, with passwords. I understand it's not a perfect solution, but it's better than the "nothing" we have today. There is no reason that access
Re: (Score:2)
The problem is you don't need all that much information on someone to open a line of credit. Name, Social Security Number, Date of Birth, and address are generally enough.
Indeed. This is the root of the problem. Very little information is need to steal an identity and establish credit, and all of it is semi-public information.
Until we fix this, nothing else will make much difference.
Re: (Score:2)
No need to be dramatic.
Yes there is. The "Dramatic!!!!!!" (See what I did there?) increases emotion and that is now counted as a viable "fact" in modern discussions. You can tell they don't actually want to discuss anything by the weird strawman "without going back to taking our horses and buggies to the bank to apply in person?" Because there is no other option between now, and 1870's Horse n Buggy.
Liability for bad security (Score:3)
And how exactly are we supposed to determine where the identity thief got the information they're using to open credit in someone else's name?
Sometimes it is quite straightforward but it doesn't really matter. If a company is maintaining a record of sensitive information about a customer and they have a breach of their security on that data then the company should be automatically and substantially liable to the individuals affected by their inadequate security. Right now they have very little legal responsibility and rarely face serious repercussions for data breaches. It should be up to them whether they want to accept the risk but the conse
Re: (Score:3)
...without going back to taking our horses and buggies to the bank to apply in person?
Maybe credit should only be granted face-to-face, with biometrics gathered on the new debtor when said credit is granted (and confirmed upon any subsequent credit increases/changes)? I know, I know, but before everyone screams "privacy!", a few strictly-enforced laws against use of said biometrics except as escrow should be (mostly?) sufficient. This way claims of identity theft can be handled with sufficient evidence, and the biometrics can be used to help hunt down and/or confirm the thief?
Re: (Score:2)
I suppose that would be great, if you want to massively reduce competition in lending to only those lenders where you can appear in person and make an appointment to apply for a loan. Most people have enjoyed the greatly reduced costs of borrowing that national competition has brought.
Re: (Score:2)
That can be worked around, the same way mortgage brokers do it - just have an agent act on your behalf, authorized by the lender(s) to transmit the needed biometric data, paperwork, etc.
Re: We are getting what we deserve (Score:2)
Because you are not a corporation with means to fight - just a patsy in their eyes.
Re: (Score:2)
What we need is a fine large enough to give every affected person $1000 and two years of credit protection services.
And then do that instead of giving the money to the lawyers.
Re: We are getting what we deserve (Score:2)
Or, giving it to government. We should be compensated for the amount of our âoecreditâ limit for 10 years + punitive damages. If the feds want to fine them as well, fine. And, do not allow the C level officers to escape nor allow the company to declare bankruptcy.
If they canâ(TM)t pay, then substantial jail time.
Re: (Score:2)
Yes, very much so. Unless there is personal consequences for this, like under HIPPA, nothing will change.
Re: (Score:2)
It's not just being cheap and short sighted. That's part of it, but it's not the whole picture.
Basically, having real, good security would eventually require two things:
For the first item, the government doesn't want it because it keeps them from snooping on us (and prevents big companies from snooping, and those big companies
Re: (Score:2)
It's electing a president that absolutely gutted regulation.
Re: (Score:1)
The problem isn't complacency, it is being cheap and short sighted.
And, as the post continues, the people responsible not facing serious consequences for such problems.
Although a hit to the stock price -- or revenue from customers -- sometimes stings a bit. For a while.
Re: (Score:2)
"12 Weird Way to Stop Being Dumb. Number 5 will AMAZE you!"
Re:Equifax settled for more than $575 million (Score:5, Informative)
.
Since TFS said that the $545M fine is 20% of its annual revenue, that means Equifax is generating about $18.54 per person per year. To me, the fine doesn't seem steep enough to really change industry practices, or enough to make CEO's (or CFOs or CTOs) collectively turn their heads and say, "Wow, we proactively need to change things." I think they can still hide under the "I hope it doesn't happen to us" umbrella with the Equifax fine.
Re:Equifax settled for more than $575 million (Score:5, Interesting)
During my Congressional campaign, I suggested a policy for the Consumer Financial Protection Bureau to work with NIST to determine the latest consumer-ready standards for identity protection and mandate their implementation. The current policy I would expect from the regulators is for banks to verify consumer identities in person and link them to a FIDO U2F security key with the Credit Bureaus (Equifax, Transunion, Experion), requiring identification by U2F to perform a hard credit check and to open a new credit account tracked by the credit bureaus. Lenders who don't validate the debtor via U2F when opening a new account don't have standing to take action against the debtor (no impact on your credit report, no real way to order collections).
This is a technical fix to block identity theft: the Credit Bureaus no longer hold anything which can be used to present oneself as a particular person. If you lose your key, you call the bank, voice verify, whatnot, and they cancel it with the Credit Bureaus for you: you can still USE your accounts, but you can't open NEW credit accounts.
The government can also implement similar for social security, IRS, etc.. Each key holds 1,000 identification objects (private encryption keys), so you can use just one on your key chain.
Breaches have a non-zero probability. This reduces the severity to near-zero.
Re: Equifax settled for more than $575 million (Score:2)
Nothing a bullet canâ(TM)t fix for attempting to destroy someone elseâ(TM)s life.
Re: (Score:2)
The problem with Government managing IT Security, is that Government doesn't move fast enough. And it provides companies a pathway to have the bear minimum to follow. The problem is way more complex then just a few government laws on the book. The population needs to be more security minded, and organizations need to put significant investment into data security, it is just the cost of working in the 21st century.
Re: (Score:2)
The problem with Government managing IT Security, is that Government doesn't move fast enough.
Don't worry, they'll not only implement it very slowly, but they'll find the lowest cost contractor to do the work. What could go wrong?
Re: (Score:2)
The problem with Government managing IT Security, is that Government doesn't move fast enough
That's why I suggested policy to place regulatory power in the CFRB and mandate they work with NIST: they're a lot more agile and less vulnerable to political bullshit than Congress. Even the lobbyists have to get laws through Congress to hinder the regulators.
The problem is way more complex then just a few government laws on the book. The population needs to be more security minded, and organizations need to put significant investment into data security
First off, people don't have time to be experts in everything. They could be more educated, but they don't have the time to be experts.
Second, the security problems are centralized at the credit bureaus and other points in the chain. Consumers
Re:Equifax settled for more than $575 million (Score:5, Insightful)
I am not a victim of identity theft. You are a victim of fraud.
The term 'Identity Theft' is some ridiculous fabrication created by politicians and corporations so they can shift the blame for fraud from themselves to the general public.
Re: (Score:2)
Re: (Score:2)
If you give credit to a person who shopuld not get one, the bank is responsible. This can mean that the person does not need to pay back anything as the creat/loan is seen as null and void.
In the United States, identity theft cost $24 billion in one year. It's recently been as low as $16 billion. That's theft the banks and other entities disburse to consumers via slightly-higher fees, along with useless economic activity cleaning up after the mess instead of making new things we could consume instead.
A technical solution has relatively-high value.
Re: (Score:2)
"Lenders who don't validate the debtor via U2F when opening a new account don't have standing to take action against the debtor"
That all sounds great except you are saying that if I loaned a family member/friend/stranger $10k and didn't follow your process, I'd have no recourse if they stiffed me. And no loan (with the ability to legally force collections) could happen without the government knowing about it. That seems a little excessive to me.
Re: (Score:2)
That all sounds great except you are saying that if I loaned a family member/friend/stranger $10k and didn't follow your process, I'd have no recourse if they stiffed me.
Well, yes. Do you think your loan to your sister shows up on her credit report? Do you think it affects her credit score if she's late on her payments or leaves town? Of course not.
And no loan (with the ability to legally force collections) could happen without the government knowing about it.
You do realize this is the case today...roughly...right? All those loans go through the three credit bureaus. The credit bureaus independently authenticate you (the same is true under U2F--that's how I sign into Google and Facebook today), but it's still a public record that can be queried.
When you go to a bank and open
Annnnndddd... (Score:1)
We're gonna do nothing after this one either. Companies holding all this data is good for the government. The government wants companies to hold data because they can subpoena it easily and can usually get it with no questions asked. The government has no intention of discouraging any kind of data collection.
You don't bite the hand that feeds you.
Agile Retooling (Score:3, Interesting)
Was capital one transitioning to DevOps and Agile and in the process had a leaky wall of data protection standards they removed and rolled backed because it was impeding their Faster to Market paradigm shift? Not like that is happening all over the fucking place leaving customers vulnerable.
Re: (Score:2, Interesting)
No. I worked inside of Capital One 'Cloud Custodian' support team. The company has an extensive system for securing its data. The problem is this attack came from an insider in Amazon (at least that is what I heard on the news).
C1 has been in AWS for 3 or 4 years already and has spent millions to secure its resources. This is a problem inside Amazon.
Re: (Score:1)
No, it is a problem stemming from depending on outside services for security, one of the most basic security flaws possible. Cloud is inherently insecure because it adds more points of failure.
Re: (Score:2)
An insider who was no longer working for Amazon. S/he seems to have observed the hole in Capital One's security whilst working there and then did the raid after s/he left. At least the linkedin profile had the perp working for Amazon and quite in 2017.
Attention-seeking transexual (Score:1)
"Diversity" strikes again!
Shit happens (Score:2, Insightful)
I know a thing or two about CapitalOne's operations and their use AWS. Frankly I would STILL place more faith in them to hold / protect my personal data and accounts than most of the rest of the financial industry. They are building out a solid infrastructure.
I know everyone wants to pile on right now but I don't think its fare.
Misconfigurations happen, and what we have here is basically an insider threat situation, which is the most difficult to defend against. This really isn't a cloud issue so to spea
Re: (Score:2)
Funny enough I actually have not held an account there in some years. Again though knowing what I know about it; if they offered a card with better perks than one I have right now, this incident would in no way discourage me from opening an account.
Re: (Score:3)
I don't the specifics of what happened with this particular breach. From the bits and pieces I have been able to glean from what has been published so far it sounds like some web service that was supposed to be restricted was mistakenly made reachable. I would not assume the data at rest was not encrypted, nor would I assume it was devops failure, it was probably a design spec failure on what based on the dates must have been a much older component. It isn't as if they left an s3 bucket wide open or some
Re: (Score:2)
This could have been averted if they had spent more money on security experts and infrastructure.
They didn't spend that extra money because there is no business case for doing so. The fallout from this will, at worst, be a small fine.
Equifax demonstrated that. Ignore the headlines about $125 per victim. That's the maximum and the fund is capped, so if 10% of victims actually applied they would get about $2 each. If all victims got their compensation it would be $0.20 each.
When the price of a breech is $0.20
Re: (Score:3)
It would depend on why the Truck broke apart. You are leaping the conclusion it was maintained badly. Even well maintained vehicles (although much more rarely than poorly maintained ones) experience catastrophic failures.
If for example a tire blew out because some malicious person poured a box of nails off an over pass and the driver lost control then the truck slammed into the cement supports for that over pass before breaking up - Yes I would say shit / vandalism happen.
If the truck was a rusty mess, it
Re: (Score:2)
Of course they broke the law. The money wasn't theirs. Just because something isn't adequately secured doesn't make it OK to steal.
Re: (Score:2)
There's no way to identify who that $20 belonged to if it's been sitting around for any amount of time, and taking it to a police station is just silly; whereas the money pouring out of the armored vehicle was quite clearly from the truck/bank.
Re: (Score:2)
I don't have low standards at all. I HAVE worked with CapitalOnes security people and I can assure you they don't have low standards either; just very human fallibility. You holding up impossible standards. If you home or car is ever broken into will you take total and complete responsibility for not having adequate security in place?
Have you never in your entire life left home or car and forgot to lock ALL the doors an windows? What is your process do you have your wife/kid/friend etc audit all the lock
Exceptionally low risk for the companies (Score:5, Insightful)
It's not that customers are eager to give money (Score:2)
On the plus side in America you're limited by statute to how much you're on the hook for in the event of fraud on a Credit Card, and it's pretty low ($75 IIRC). Plus most companies don't bother trying to collect that $75. This seems to have been a Credit Card database, so the likelihood is Capital One really will be on the hook for t
Follow the money (Score:2)
So as a consumer your life's information is worth a few thousand dollars.
It seems the bad guys have won. Massive data breaches occur monthly and those are only the breaches that make the news. It can take months or even years for the typical company today to detect a breach.
The local governments hav
Re: (Score:2)
FBI report (Score:5, Informative)
Re: (Score:2)
Favorite part: "Im like > ipredator > tor > s3 on all this shit"
Gosh, how could I ever get caught? I'm so smart, I'll brag about what I did online!
* FBI with search warrant knocks on door *
Re: (Score:3)
Wow. She uploaded some of the stolen data to her personal Github account that she signed up for using her real name... And then blabbed about it on social media. Hey, at least she used a VPN, which unfortunately is also linked to her identity.
Quite the faceplant.
Two different problems (Score:1)
The Equifax hack was sloppy support and poor management. Capital One hack was an inside job at Amazon (at least that is what is being reported).
I worked inside Capital One and the company has extensive support inside the company to protect all its resources in the cloud. They haven't been hacked by some outside source which should say a great deal about Capital One IT.
Re: (Score:2)
Capital One still misconfigured part of their security, that's what made the perp able to pull it off. And s/he stopped working at Amazon in 2017, if the linkedin profile is correct.
Not true (Score:3)
This is not true at all. We gave Equifax the gentlest of hand slaps.
The nerve of some people to say we did nothing. Harrumph.
Still shocked (Score:5, Interesting)
Re: (Score:2)
Oh, I am sure that the full weight of this will fall on a single person's head. One guess who that will be.
Re:Still shocked (Score:5, Informative)
A few years ago, my identity was stolen and used to open a Capital One credit card. They had my name, address, SSN, and DOB. They got my mother's maiden name wrong (red flag #1), immediately changed the address to a different state (red flag #2), and tried to get a cash advance before the card was activated (red flag #3). I only was saved by the thieves paying for rush delivery of the card and Capital One processing this BEFORE the address change - so the card came to me.
When I got the card, I called to report the fraud. I was told first that it likely wasn't fraud, but my wife opening the account in my name without telling me. She was right beside me freaked out so I doubted this. Finally, they admitted that it was fraudulent and closed the account, but refused to give me information on the account - like the address that it was changed to. I was literally told "if we tell you that and then you go and shoot them, we'd be liable." So they had no liability on opening an account in my name, but were fearful of liability on telling me anything about the account in my name.
They also stonewalled the police. The police were told to call a certain number, but that line always went to voicemail and nobody answered it.
In the end, I had to freeze my credit and will need to keep it frozen for my entire life. The thieves got away and weren't punished at all. And Capital One likely just wrote the whole affair off and continued business as usual. Credit Card companies don't care about fraud or identity theft. The more credit cards that are opened, the better for them. If you get a collections agency beating down your door because of a card "you" (really an identity thief) opened, it's not something they'll be worrying about.
Re: (Score:2)
Having your credit frozen isn't something to regret. It's an absolute necessity. To think otherwise is like saying, "Too bad my house was burglarized. Now I'll have to lock the doors for my entire life."
It really isn't even that difficult to deal with anymore. Since the laws were changed (because politicians and powerful people were being affected by the breaches), you can now freeze your accounts online, get a PIN
Re: (Score:2)
Don't get me wrong. I feel a lot better with my credit frozen. It's an inconvenience to thaw it whenever I want to get a new line of credit, but it's better than having someone open a new line of credit in my name. Still, it feels like the credit agencies are foisting the inconvenience on me because they don't want to be bothered in securing their systems.
ID (Score:5, Insightful)
ID should be something we can all share without fear. The loss of records about my basic ID and that of almost all ordinary people; who I am, where I live, my DOB, my taxpayer ID number should not be a problem. The problem comes when these details are used by banks and governments as if they were secrets known only to the individual.
Surely there must be better and acceptable ways that I can verify who I am when I genuinely want to apply for financial services and there must be a way that the consequences for making a bad identification can fall solely on the financial institution when things go wrong
what we need is a new way of doing business, because all the basic facts about us were stolen long ago anyway
Re: (Score:2)
Saying there must be a way to prove one's identity does not make it so. This is analogous to those idiot FBI and DoJ chiefs claiming there must be a way to backdoor encryption yet still be secure. Of course they go further and then claim that we must thence have backdoors in encryption as if this was a logical deduction instead of fools pissing into the wind and claiming it is sea spray.
Re: (Score:2)
Surely there must be better and acceptable ways that I can verify who I am
There are, but they all cost the bank more money than they save. The technology costs money to deploy, and anything that makes the service even slightly harder to sign up for or use means lost sales.
Nothing's been done? Whoa there cowboy... (Score:4, Funny)
Execs need to be wearing orange and chrome (Score:3)
An example needs to be made....
This continues to happen due to lack of accountability and America's two-class system.
If anything, the penalties should be more severe for the people managing this information.
All animals are equal, but some animals are more equal than others. -- Animal Farm
Americans don't care (Score:5, Insightful)
Re: (Score:2)
You seem confused. I don't give 3% to the credit card companies. The places I shop have to pay the credit card company and then I get it back in the form of airline miles and visa stock dividends.
Thank you for your support.
Re: (Score:2)
This ^^^ I also don't fork over %3, the idiots running around paying cash do and like you my card issuer cuts me in on about 80% of that!
Hope the buffoons never catch on.
Re: (Score:2)
Re: (Score:2)
Oh, you're right. You get all of the fees back in "rewards". Visa and Mastercard and Chase and Wells Fargo and First Data and Worldpay are all just running on fairy dust [visa.com]. You're a very smart person!
Re: (Score:2)
Yeah dude. Americans are extremely different, more than any other race/nation/arbitrary grouping of any other people on this planet. AND! They deserve all this because of the way they are.
Perhaps you should help Americans become less lazy and join in on the feeding frenzy with the other criminals whose behaviour is CLEARLY justified by how terrible and lazy Americans are.
Americans clearly deserve to be raped and pillaged by the immoral because Americans are already immoral by being lazy.
You sir, are a dumba
"Meritocracy" is only for the 99% (Score:2)
The rich get richer, buy lawmakers, allowing them to get even richer and avoid penalties for cheating. Slippery slopes sometimes do happen.
Comment removed (Score:5, Interesting)
Bullshit Headline (Score:2)
"Capital One's Breach Was Inevitable, Because We Did Nothing After Equifax"
That's bullshit. Capital One's breach was inevitable because of the profitability of a successful breach. If you make a treasure chest valuable enough and the prospective criminals needn't risk their physical well-being to make attempts at the treasure, they will keep trying and trying.
You could fine Equifax into the ground and people will still be attacking for treasure. Don't conflate the two. They're related in subject, but there
Re: (Score:2)
Right I am amazed but the foolishness of the article and much of the sentiment in the comments here.
I asked another A/C if they have ever in their life forgot to lock all their doors an windows. I wondered if they had process for auditing the lock states like having their spouse double check each and every time.
Yes negligence should be punishable, cover ups of breaches should be punishable; but there has to be way to say that well you practiced due care and you still got popped. Its interesting if I suggest
Scope of damage was due to additional stupidity (Score:1)
Victims include people who applied for credit over a decade ago.
Unless those same people had a much more recent interaction with Capital One, any ancient data that needed to be stored should have been stored offline or near-offline, with alarms tripped when any of the data was pulled "online" for any legitimate purpose.
Said before, saying it again: (Score:2)
More breaches, please! (Score:2)
Change will only come when the entire banking/financial/credit system falls flat on its face, due to so many breaches and data privacy violations. Then the ones who benefit from a lack of data protection will feel the financial pain and will act to "fix" the problem (maybe not entirely in the consumer's favour, but hopefully with some benefit to us).
It's not sensitive information anymore (Score:2)
Maybe we should just stop thinking of name+ssn+dob as being "sensitive" information. It's out. You know it's out. No, I'm not publishing mine here.. yet. But we ought to not feel weirded out by doing that, because it should be totally safe to me, for hostile strangers to have that info. And it probably already is safe, since hostile strangers do have that info.
Thanks, Equifax. No really.. thanks, Equifax. The cat is permanently out of the bag, isn't it? Isn't it? Can we accept that yet, and acknowledge tha
Sounds a lot (Score:2)
Equifax settled for more than $575 million over a date breach it had
Seems like breaking a date is expensive in the USA.
We did nothing because... (Score:2)
ignorance is bliss (Score:2)
To say that Equifax may not have paid for its security mistakes to the satisfaction of many may well be true. They are, after all, still an operating credit bureau, and divine retribution did not rain down from above in any sense. However, to say Nothing Happened is patently false, given
ALL Breaches Are Inevitable (Score:1)
While the media is quick to condemn companies for breaches, they fail to realize how much time, money, and maintenance goes into cybersecurity. I am a security engineer at a large company and I can tell you firsthand that building an impenetrable security posture isn't just difficult- it's not possible. The reality is that even with every security solution and security framework in place.... you can still get hacked. Obviously, we have to be able to hold companies we interact with to a certain standard, but
If they used the cloud in an intelligent way.. (Score:1)
All they have to do is strategically decentralize their services a bit and put certain elements of their software in the Cloud. Maybe if they used Open Source Software more it would help. Capital One, like Equifax, sounds pretty monolithic from the way I've heard they manage their user data.
time to build a bunker (Score:1)
like the billionaire elites are doing.
Ass backwards! (Score:2)
There is NO SUCH THING as identity theft. There is, however, a great deal of credit fraud. There is also a great deal of libel.
That is, credit card company stupidly hands over a wad of cash to someone who used my name and SSN. Not my problem, I'm not the one that did a stupid thing. I don't have any input into their stupid policies. To them I say, "prove it was actually me of STFU and take your lumps".
But no, they report it to credit agencies who then for some reason take the word of any idiot company over
Real crime here is the software engineering (Score:1)
Take the gloves off ! (Score:1)