Is It Illegal To Get Hacked?

from the define-reasonable-procedures dept

Tower Records and the FTC have apparently reached a settlement after the FTC accused them of allowing hackers to access customer records. This brings up a very interesting question that isn’t often discussed. Since hack attacks to get at customer data happen all the time how does anyone determine whether or not the company itself is negligent in not protecting the data? At what point is it negligence rather than just being vulnerable? If the standard is set too low, then companies have less incentive to protect their data (though, pissed off customers may provide that incentive). However, blaming the victim for being hacked seems to present a lot of slippery slope style questions.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Is It Illegal To Get Hacked?”

Subscribe: RSS Leave a comment
1 Comment
AMetamorphosis says:

BJ's Club


My parents just went through a lot of crap getting debit & credit cards replaced because of the recent BJ’s club fiasco.

I’ve provided this link because we are from Pennsylvania for those not aware of the theft of data that occured with this merchant.

Businesses that do not adequately secure their data are responsible. Period. It is no different than an unethical Dr. that would not keep patient records confidential. Frankly, I still do not understand why BJ’s club had their CC & debit card #’s on record in the first place. I would imagine that the only thing that should be in their compromised database in the first place is the member names, addresses & an account # that BJ’s can use for THEIR records. It really shouldn’t matter in what form the members choose to pay for their purchases & I would like to see laws that would make it illegal for institutions to keep YOUR CC & debit #’s on THEIR databases unless you specifically allow them to do so. Systems should be set up to delete finacial information once the transaction is completed.

Can someone give me a good explanation of why BJ’s might have kept my parents CC & debit card #’s to begin with ? I would honestly like to know so I have a better scope of this.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...