Is It Illegal To Get Hacked?

from the define-reasonable-procedures dept

Tower Records and the FTC have apparently reached a settlement after the FTC accused the company of allowing hackers to access customer records. This brings up a very interesting question that isn't often discussed. Since hack attacks to get at customer data happen all the time, how does anyone determine whether or not the company itself is negligent in not protecting the data? At what point is it negligence rather than just being vulnerable? If the standard is set too low, then companies have less incentive to protect their data (though pissed-off customers may provide that incentive). However, blaming the victim for being hacked seems to present a lot of slippery-slope-style questions.


Reader Comments

  1.  
    AMetamorphosis, Apr 22nd, 2004 @ 7:56am

    BJ's Club


    Mike,

    My parents just went through a lot of crap getting debit & credit cards replaced because of the recent BJ's club fiasco.

    I've provided this link because we are from Pennsylvania for those not aware of the theft of data that occurred with this merchant.

    http://www.philly.com/mld/inquirer/2004/03/31/business/8315762.htm?1c

    Businesses that do not adequately secure their data are responsible. Period. It is no different than an unethical Dr. that would not keep patient records confidential. Frankly, I still do not understand why BJ's club had their CC & debit card #'s on record in the first place. I would imagine that the only thing that should be in their compromised database in the first place is the member names, addresses & an account # that BJ's can use for THEIR records. It really shouldn't matter in what form the members choose to pay for their purchases & I would like to see laws that would make it illegal for institutions to keep YOUR CC & debit #'s on THEIR databases unless you specifically allow them to do so. Systems should be set up to delete financial information once the transaction is completed.

    Can someone give me a good explanation of why BJ's might have kept my parents' CC & debit card #'s to begin with? I would honestly like to know so I have a better scope of this.

     
