[Dataloss] rant: Useless Compensation for Data Loss Incidents
lyger
lyger at attrition.org
Wed Jun 11 07:32:07 UTC 2008
http://attrition.org/security/rant/dl-compensation.html
Wed Jun 11 03:38:35 EDT 2008
Apacid, Jericho
If you have been the victim of a data loss incident, odds are you have
received a letter from the careless organization that lost your
information. These letters always offer apologies and sincere hope that
your identity or personal information isn't abused. The recent BNY Mellon
incident (which now stands at 4.5 million potential customers affected)
resulted in customers receiving such a letter:
[.]
Notice that in return for having your personal information lost, they are
offering free credit monitoring for 12 whole months! This seemingly
generous offer has apparently become the standard business practice for
acceptable compensation when your personal information is treated with
carelessness. BNY opted to go with ConsumerInfo.com's "Triple Alert"
credit monitoring product (despite no mention of that 'product' on the
consumerinfo.com web page), which watches for changes to your credit
reports from the three national credit reporting agencies in the United
States (Experian, Equifax, TransUnion). If you are unlucky and get caught
up in multiple data loss incidents, you may receive this "gracious
compensation" many times over.
First, why is this type of reactive credit monitoring acceptable
compensation? This seems to be another case of one business following
another and... voila, we have an industry 'standard' that does little to
serve the customer but does everything to serve businesses that want to
look caring and "customer-centric" in the media.
[...]
More information about the Dataloss
mailing list