
Data Theft Notifications - How Soon is Too Soon?

bsdbigot asks: "I started getting a bunch of stock-tout spam in the last month or so. The other day, I happened to look and see it was coming in to an email address I had dedicated to my online trading account. I've spoken to the online trading company, and I've given them the info on these spams. It turns out there is an 'ongoing investigation,' which includes 'outside agencies,' but they stop short of saying that there is any theft or breach. How soon should such a company let its customers know that their data has been compromised? Should they wait until they have all the details and have plugged the breach, or should they let customers know that there is a possible problem as soon as they recognize it?"
"Personally, I believe a security breach has occurred. So, I asked them how many people are affected by this; they feel certain that it's an isolated problem, because they haven't received a deluge of complaints. They don't know how these spammers got my reserved email address from my online broker (but they didn't sell it, they are quite clear on that), so how can they be so certain it's not their entire database, and how can they be so sure that things like my SSN and bank routing information weren't also stolen?"
  • Do more (Score:4, Insightful)

    by omeomi ( 675045 ) on Friday September 22, 2006 @11:45PM (#16164743) Homepage
    They should do more to keep it from happening in the first place. Seriously, there's a new breach at some major corporation or government office every other week or so. It's ridiculous.
  • Re:Do more (Score:4, Insightful)

    by AusIV ( 950840 ) on Saturday September 23, 2006 @12:24AM (#16164899)
    That's easy to say, but it's really not so simple. Some data leaks happen because of software issues. More likely an employee figured they could make a buck selling data. Hiring more trustworthy employees requires paying more money, and that has to get passed on to the customers, who in turn take their business somewhere cheaper and less trustworthy. Customers want security, but they're not willing to pay a little extra for it.
  • Re:Do more (Score:4, Insightful)

    by omeomi ( 675045 ) on Saturday September 23, 2006 @12:39AM (#16164955) Homepage
    Hiring more trustworthy employees requires paying more money, and that has to get passed on to the customers, who in turn take their business somewhere cheaper and less trustworthy

    For companies and agencies that have to have highly sensitive information like SSNs on file, there should be an exceptionally small number of people who have access to that information. A small enough number that I can count them on one hand. And none of those people should ever be allowed to take any portion of that list out of the system in any way, not on a thumb drive, not on a laptop, nothing. The vast majority of the employees should only be able to access the last 4 numbers of any given person for verification purposes.
  • by jfengel ( 409917 ) on Saturday September 23, 2006 @01:30AM (#16165141) Homepage Journal
    I would expect that a spammer would automatically strip out anything after the +, but I don't have any experimental data on that.
