BreachExchange mailing list archives
rant: Useless Compensation for Data Loss Incidents
From: lyger <lyger () attrition org>
Date: Wed, 11 Jun 2008 07:32:07 +0000 (UTC)
http://attrition.org/security/rant/dl-compensation.html Wed Jun 11 03:38:35 EDT 2008 Apacid, Jericho If you have been the victim of a data loss incident, odds are you have received a letter from the careless organization that lost your information. These letters always offer apologies and sincere hope that your identity or personal information isn't abused. The recent BNY Mellon incident (which now stands at 4.5 million potential customers affected) resulted in customers receiving such a letter: [.] Notice that in return for having your personal information lost, they are offering free credit monitoring for 12 whole months! This seemingly generous offer has apparently become the standard business practice for acceptable compensation when your personal information is treated with carelessness. BNY opted to go with ConsumerInfo.com's "Triple Alert" credit monitoring product (despite no mention of that 'product' on the consumerinfo.com web page), which watches for changes to your credit reports from the three national credit reporting agencies in the United States (Experian, Equifax, TransUnion). If you are unlucky and get caught up in multiple data loss incidents, you may receive this "gracious compensation" many times over. First, why is this type of reactive credit monitoring acceptable compensation? This seems to be another case of one business following another and... voila, we have an industry 'standard' that does little to serve the customer but does everything to serve businesses that want to look caring and "customer-centric" in the media. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- rant: Useless Compensation for Data Loss Incidents lyger (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents DAIL, WILLARD A (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents M Barnett - TIFRM (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents Michael Hill, CITRMS (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents Derek Rigsby (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents Al Mac Wheel (Jun 12)
- Re: rant: Useless Compensation for Data Loss Incidents Michael Hill, CITRMS (Jun 11)
- <Possible follow-ups>
- Re: rant: Useless Compensation for Data Loss Incidents MKEVHILL (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents David Metcalf (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents Nell Walton (Jun 11)
- Re: rant: Useless Compensation for Data Loss Incidents David Metcalf (Jun 11)