
> Why would any institution take the security of people's data seriously if it takes a lot of resources, if all they had to suffer is to offer 12 months of free credit monitoring?

Serious question from someone who takes their privacy seriously. What actual harms have we documented from these breaches?




I'm not a statistician, but I like brainstorming:

- Spearphishing and the consequences of such
- Persistent robocalls
- Wide net identity theft
- Targeted scam calls to family members


> I like brainstorming: - Spearphishing and the consequences of such - Persistent robocalls - Wide net identity theft - Targeted scam calls to family members

Actual, not hypothetical. Again, I believe this happens. But why is it so difficult to document?


It is hard to document and then sue anyone for a data breach. Now I have all information needed for someone to open credit cards in my name (or assume identity in general) from the following sources.

- My old university
- T-Mobile
- My health provider

Now if you try to sue any one of them, regardless of their mandatory arbitration, you would have to prove that the harm is because of this particular institution and not the others.

And the notion of identity theft is putting the blame on the people where the actual victims are the banks/dealers and not you. But it is easy to put the responsibility on you.


> if you try to sue any one of them, regardless of their mandatory arbitration, you would have to prove that the harm is because of this particular institution and not the others

No, you'd just have to show the first part. That they caused harm.

> the notion of identity theft is putting the blame on the people where the actual victims are the banks/dealers

This is a real problem. But I haven't seen anyone successfully tie a case of identity theft, even in part, to a particular breach.


Your second part is answering your first part. You did not see anyone successfully tie it to a particular breach because you have to show that it is because of this breach, not another breach.

These companies have deep buckets and will employ lawyers who have experience in squashing all the suits of this kind.

Edit: I have much less faith that your question in the beginning was serious with good intentions now.


> did not see anyone successfully tie it to a particular breach because you have to show that it is because of this breach, not another breach.

Again, this is not true. If two people steal your data, and you can tie the use of any of that stolen data to harm, they are each liable. The problem is in identifying the harms. Not calculating the attributed damage.

> companies have deep buckets and will employ lawyers who have experience in squashing all the suits of this kind

A multibillion-dollar payoff for lawyers and a wealthy plaintiff to get a class certified, and the answer is a conspiracy of corporate counsels?


Because black market databases are often amalgamations of several data breaches, so tracking blame is nearly impossible.


> black market databases are often amalgamations of several data breaches

Sure. But why are these database operators' tradecraft so universally solid that nobody can back out attribution, including law enforcement when they search and seize them?


Serious fucking idiocy


> Serious fucking idiocy

Mature response. Now actually think about it. If you solve this, you've solved the key barrier to incentivizing change. If you can't answer it, then security seems more like an aesthetic preference than a social problem.


Edit: bad answer



