These companies should be forced to pay big money to each and every person affected by these breaches. Not like $120. Like $10,000 per. Teach them real lessons
But instead they will be fined, and they will pay that fine to the government.
They just pay up and do it again. It’s a business expense, not a punishment.
I expect they get themselves insured for it
and then, us as the consumer will pay for the fine as well
Even $120 would be amazing. I just got an email that said too bad. I just bought a monitor cause that’s where they sold it. Idk why they have to save my info. I just want to pay for the product. If it was up to me, they would delete all my info immediately. They only need to record when the serial number was sold anyway.
Oh if only I was European.
Instantly makes ransomware [edit 2: my brain was being dumb, I didn’t mean literally ransomware, I meant hackers blackmailing companies with the threat of releasing/selling stolen data] far more profitable.
Edit: And heavily discourages self-reporting. There’s a Schneier quote I like: “You can’t defend. You can’t prevent. The only thing you can do is detect and respond.”
If the data is breached, won’t we find out anyways once they start selling it?
Absolutely. But the penalty does modify the cost-benefit analysis. If a hacker demands $5m or else they will release stolen data, you might be more inclined to YOLO the 5 mil on the 1% chance they’re an honest hacker if the penalty for the breach is $50bn.
In the case of this breach, I’d be happy with a $10 payout, the consequences for me are actually pretty low here. That being said, I think we’d be lucky if Dell had to pay more than $0.50 per person, and that money will probably go to a lawyer’s fees, not me.