
SEC Investigating Data Leak at First American Financial Corp - feross
https://krebsonsecurity.com/2019/08/sec-investigating-data-leak-at-first-american-financial-corp/
======
todipa
Once enforcement is involved, it isn't a kids game anymore. They will dig and
dig until they get to the bottom of this. I hope they make their findings
public...

~~~
situational87
The SEC put a grand total of zero people in jail for the financial crisis. The
SEC put a grand total of zero people in jail and fined Wells Fargo 22 hours
worth of revenue after they blatantly committed fraud and stole from nearly
every customer they had FOR DECADES.

Why on earth do you think they will start being effective at enforcement, now,
all of a sudden, in 2019?

~~~
mlrtime
They also didn't put any individual home owners in jail for falsifying
mortgage documents. They had the upside available and simply filed for
bankruptcy.

~~~
situational87
Yeah those damn poor people falsifying all those documents, that was the real
problem all along! Can you believe some poor people even have running water
and electricity?!?! The gall of these people is beyond the pale.

Find better websites to read, don't repeat this nonsense.

------
whatshisface
This might go down as the first time in US history that a company was
seriously punished for a data breach - are there any other examples of a very
serious enforcement agency like the SEC biting down on something like this?

~~~
cj
“Equifax to Pay at Least $650 Million in Largest-Ever Data Breach Settlement”

[https://www.google.com/amp/s/www.nytimes.com/2019/07/22/busi...](https://www.google.com/amp/s/www.nytimes.com/2019/07/22/business/equifax-
settlement.amp.html)

July 22, 2019

~~~
TylerE
Yes, a whole two months of revenue. That'll totally show them!

I mean, it's more than a slap on the wrist but about 1/10th of what they
deserved.

~~~
theshadowknows
not even, they’ll have bought class action insurance and paid less than half
that themselves

~~~
TylerE
There really should be a corporate death penalty for these sort of massive
failures.

Dissolve the company, sell of the assets, and bar all the C-level employees
from management work for a period of time.

~~~
navigatesol
> _Dissolve the company, sell of the assets, and bar all the C-level employees
> from management work for a period of time._

This is A-level satire.

We should shut down hospitals and ban doctors when things go wrong, too. Or do
you believe corporate executives are inherently evil?

------
cj
Can someone shed some light on why it’s reported that 885 million documents
where exposed, yet only “32 consumers” had their personal information
accessed?

Are they saying that millions of documents were theoretically available, but
only a very small subset accessed?

~~~
omgwtfbyobbq
Most of the documents are based on public personal information as opposed to
private personal information.

------
MaximumYComb
When are companies going to learn that data is very much a burden that cannot
ever be guaranteed to be "secure"? I really want governments to legislate
heavy penalties for data breaches to help solve this.

