
Data from Experian breach found on the internet - nsomaru
https://www.timeslive.co.za/sunday-times/news/2020-09-13-data-from-huge-experian-breach-found-on-the-internet/
======
nathanyz
Given the amount of personal data now being held not only by credit companies,
but also big tech, it seems like the liability for data breaches needs
adjusted.

If a companies main asset is their data, that means that you can ascribe a
value to each person's data that they hold. If your data is stolen, they
should be on the hook for value of that data to each of the people whose data
was stolen.

They need to stop being able to value the data at the cost of credit
protection service on the liability side while booking value significantly
higher on their assets ledger. This would encourage them to be much more
careful in both protecting the data and mitigating breaches versus the current
blase approach.

~~~
londons_explore
Data is a copyable asset. Most other assets are not.

Any copyable asset is worth zero as long as any copy is in the hands of
someone likely to make more copies.

~~~
deftnerd
There is a lot of case law regarding digital media, such as movies, tv, books,
etc, stating that the digital version doesn't lose value despite the ease of
copying it.

It's an interesting conundrum that "big business" claims that personal data
being copied doesn't necessarily have value, but entertaining data does.

~~~
bleepblorp
It all makes sense if you accept that the purpose of modern intellectual
property law is to protect the wealth of the rich from the people they
exploited to get rich in the first place.

------
arkadiyt
The Experian South Africa CEO has hilariously said [1]: We were not hacked, a
clever criminal convinced us to give him our data

[1]: [https://mybroadband.co.za/news/security/364636-we-were-
not-h...](https://mybroadband.co.za/news/security/364636-we-were-not-hacked-a-
clever-criminal-convinced-us-to-give-him-our-data-experian-sa-ceo.html)

~~~
dylan604
Isn't that even worse? Now they would be complicit as they freely gave the
data away vs having something stolen. You used the word hilariously. Were you
be sarcastic, or did this person mean the statement as a joke?

~~~
karpierz
I think the "hilarious" part is how disconnected from reality the CEO must be
if they think their quote somehow makes the situation better.

------
Propaganda_
"Breached data still breached" \- The only new thing in this article is that
someone was stupid enough to believe Experian when they said the data had been
"recovered".

~~~
trollied
Reminds me of this:
[http://www.27bslash6.com/overdue.html](http://www.27bslash6.com/overdue.html)

Try to pay for something with a spider drawing attached to an email, ask for
the drawing back afterwards ;)

------
forgotmypw17
All information will become public on a long enough timeline.

------
mkskm
Credit bureaus are required to adhere to CCPA now in California. It might be
worth making the request to opt out or delete your info:

\- [https://experian.com/ccpa](https://experian.com/ccpa)

\- [https://www.equifax.com/personal/my-
privacy/](https://www.equifax.com/personal/my-privacy/)

\- [https://www.transunion.com/consumer-
privacy](https://www.transunion.com/consumer-privacy)

------
Stierlitz
‘The personal data of millions of South Africans, "stolen" in one of SA's
biggest data breaches earlier this year, has been discovered on the internet,
despite assurances that the information had been recovered.’

Technically speaking, how do you go about recovering data stored on any amount
of copies?

------
chromedev
Time for my $0.39 check or a year of additional credit monitoring in exchange
for my credit history and personal information.

~~~
mkskm
Will this change in California now that there's stricter privacy laws? Looks
like the fines are much higher:

> \- Companies that become victims of data theft or other data security
> breaches can be ordered in civil class action lawsuits to pay statutory
> damages between $100 to $750 per California resident and incident, or actual
> damages, whichever is greater, and any other relief a court deems proper,
> subject to an option of the California Attorney General's Office to
> prosecute the company instead of allowing civil suits to be brought against
> it (Cal. Civ. Code § 1798.150).

> \- A fine up to $7,500 for each intentional violation and $2,500 for each
> unintentional violation (Cal. Civ. Code § 1798.155).

[https://en.wikipedia.org/wiki/California_Consumer_Privacy_Ac...](https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act#Sanctions_and_remedies)

------
iafrikan
[https://news.ycombinator.com/item?id=24346674](https://news.ycombinator.com/item?id=24346674)

------
iafrikan
[https://news.ycombinator.com/item?id=24368557](https://news.ycombinator.com/item?id=24368557)

~~~
dang
The convention on HN is to link to previous threads only when there are
interesting comments there. If readers click on a link like this and don't see
that, they'll be disappointed and sometimes come back and downvote the link.

