Limo Company Hack Exposes Juicy Targets, 850k Credit Card Numbers 43
tsu doh nimh writes "A compromise at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities. Krebsonsecurity.com writes about the break-in, which involved the theft of information on celebrities like Tom Hanks and LeBron James, as well as lawmakers such as the chairman of the U.S. House Judiciary Committee. The story also examines the potential value of this database for spies, drawing a connection between recent personalized malware attacks against Kevin Mandia, the CEO of incident response firm Mandiant. In an interview last month with Foreign Policy magazine, Mandia described receiving spear phishing attacks that spoofed receipts for recent limo rides; according to Krebs, the info for Mandia and two other Mandiant employees was in the stolen limo company database."
Re:Hold Them Responsible (Score:5, Insightful)
Having YOUR stuff stolen kind of is the fine. Your anology doesn't work because in this case, it's not the company's information that was stolen. It was their customers. A bank is a closer analogy but even that doesn't work. I'm pretty sure the bank will compensate you if the contents of your security box is stolen due to their poor security practices.
With this company and the recent Adobe breach, there's no compensation for their customers who had their data stolen. The company gets to just go "Well shucks, I'm sorry guys." Meanwhile, their customers have been exposed to possible identity theft or fraud and they're the ones who have to deal with the consequences.
A couple of years ago, my social security number was stolen from a local university that I took a summer class at. My parents then subscribed to one of those identity theft protection services. Were we ever compensated for the service fees needed to protect my identity? Nope. Would I have been compensated if someone stole my identity and destroyed my credit for life? Nope.
That's the problem.