Hacker News new | past | comments | ask | show | jobs | submit login

They are legally obligated, especially in California, to disclose part or all of this breach to customers. But that obligation is not immediate. Give it some time.

According to the Daily Mail article linked above, they've known since mid-July. They could have issued a statement today if they wanted to. I can understand why they didn't do it earlier, to minimize the number of press cycles with their name attached to this incident.

But if this were my credit card company, I would be pretty irked to be finding out about it weeks after the company knew, from the news.

The FBI is probably to blame there, announcing before charges files would be interfering with their investigation

If this is the case, they should have had an announcement ready to go for yesterday. The absence of a response makes it seem like either they’re not taking the incident seriously enough, or they still don’t know the full scope and want to delay their announcement until then.

Either way, not good.

Let me play this sad violin music for them

Do they need to notify those of us not located in California?

YMMV, but all 50 U.S. states require some sort of notice for security breaches.

Nope. You're irrelevant unless they legally have to talk to you /s.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact