Data Breach Could Test Massachusetts Law

Gunkerty Jeb writes "The Massachusetts Attorney General has been notified that financial data on 1,800 residents was exposed in a database breach linked to the CitySights NY sightseeing firm. Could this be the test case for enforcement of the State's nine month-old data privacy law? The leak of financial information on more than 100,000 customers of the CitySights sightseeing tour company could prove to be an early test of the nation's strongest data privacy law."

I'm not.

[Anonymous Coward]

. the other side of me knows that you can only deter so much, if someone really wants in, they will gain access one way or another...

Tough shit. If a company is going to store that information, then they need to protect it. There's absolutely no reason what so ever for a sightseeing company to store credit card information. None. Customer comes back next year, well get the card number again - the card could be expired anyway.

And companies who keep it on file for things like automatic renewals at magazines - fucking Scientific American does this whether you like it or not when you subscribe online - then they must protect that data. Someone breaks in? Too fucking bad. It's their fault - no excuses.

Re:Violation of Payment Card Industry regulations?

[MichaelKristopeit317]

so the credit card merchant services provider is then storing the full card information? someone MUST be. if the hash is interchangeable with the card number, then the hash IS the card number for all intents and purposes.