You might argue that not every data hack deserves a corporate death penalty. That’s reasonable. Neither Target nor Home Depot, for instance, is primarily in the business of storing your data. Both were hit in hacks for millions of people’s credit-card data, but after they offered some penance and promised to fix their systems, it’s not unreasonable that you would continue to shop at their stores.
And you might argue that hacking is impossible to avoid no matter how many security measures companies take. Unforeseen calamities happen in complex systems — banks are robbed, airliners crash, car engines blow up.
But the Equifax case is troubling because neither of these arguments applies.
“If it fails at its one job, it really is quite hard to justify using it again,” said Steven S. Rubin, a lawyer who specializes in cybersecurity law at the firm Moritt Hock & Hamroff.
Equifax is quickly muscling in on “first against the wall when the revolution comes”.
WTF!
I wonder what the use of this outside template means? “Our development people are swamped.” “Our website can’t handle the traffic we will go to an outside expert.” or Senior executives with no background in IT security are now in charge since the IT security people have been sacked."?
Per Equifax, this arbitration clause applies to the credit monitoring service, and not the data breach:
And to pre-empt the chorus of “why should we believe Equifax,” this would be considered a party admission in a court case and be held against Equifax, so they would have a pretty hard time weaseling out of it. I’m not a fan of theirs, or trying to come to their defense, but I think it’s important we know the facts so we can act appropriately.
The revolution can’t come soon enough.
It will be a very crowded wall.
I’m not a real legal-person, but I’ll answer anyway that, it depends. One looks at whether assent was somehow given, and that also depends on what sort of notice there was. I believe the contract in this case was of the browse-wrap variety, so not even a click-wrap agreement, and that makes a big difference.
The other part of it is if the contract, or some part of it, is unconscionable (“extremely one-sided in favor of the person who has the superior bargaining power”). That could potentially apply to the type of argument you suggest.
Equifax clarified that those terms are not to apply to the service for checking about the breach, so it’s somewhat academic. Nevertheless, fuck them and the system they produce/enable.
Hey CC-loving boingers, if you’re going to use one of KC Green’s comics in your memes you could at least credit him.
I imagine that these companies have some legal protection against being sued for libel over publishing incorrect credit information? (Beyond being able to afford enough top law firms to crush anyone that tried.)
but, but, but it was ‘state sponsored hacking’ (I’m sure), so there was nothing that could have been done (surely), and, ‘oh them nasty Chinese/Russians/North Koreans’ their fault alone (presumably), so let’s just get over it (really). I mean ‘if you have nothing to hide, then you Shouldn’t be concerned’ (,yes?), and anyway Facebook/google/apple/uber/whathaveyou sells your data, too, so you’re hypocritical.
There.
Oh, oh and:
FAKE news, SAD, failing liberal media
done. #mikedrop
So their assets, the biggest of which is their giant database, gets sold to the highest bidder(s).
I’m sure they will totally be legit.
What amazes me is that I am a good spouse and good father. I am an active member of my community. I’ve coached hundreds of kids in our town soccer program. I’ve been with the same firm for going on 17 years. I’m a professional and recognized as a thought leader in my organization.
And yet my value and trustworthiness in the eyes of business and lenders is not affected by any of these things one iota. It’s all about some number that Equifax, Experian, and Transunion have assigned me.
They cannot be trusted with my information of data. And yet they get to decide if someone should trust lending me money.
That. Is. Sad.
goddamn that is awful. That’s way beyond hiding bad results, reports in fake journals, overcharging, etc. Well, maybe they’re all equally bad, as in EVILLLLLL!.
Sadly everyone reporting on the breach, including the FTC, is linking to that site.
like the Bear-Stearns scandal, the AIG/WAMU/Lehman Bros sub-prime mortgage scandal, the Dynergy banking scandal, the… (insert scandal here where rich guys stole lots of money and got off scott-free)
if you smoke the wacky-tebakkey? ya go to jail
if you are brown - ya go to jail
if you are super wealthy and steal millions? you add it to your resume and keep moving
when do the people riot in the streets with torches and pitchforks?
It would appear that Americans aren’t the only “beneficiaries” of Equifax’s unique approach to data security. Their Argentinian credit report dispute management portal (which housed over 14,000 claims) was open to the internet and secured by the unbreakable username/password combination of admin/admin.
https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/
This topic was automatically closed after 5 days. New replies are no longer allowed.