So I got a notice from Ticketmaster that my identity was accessed by an intruder and my name, contact info and /encrypted/ payment info was compromised.
These notices are more and more common. Why aren't companies accountable for damages when they fail to protect all the myriad data they collect on people without consent? I never asked them to store these things..
I've come to the conclusion that all these breach notices and the free stuff they offer for X months is a huge scam to get you sign up up for something. Either that, or every company has woefully underpaid/incompetent IT people. I'm waiting for the next news story to break on another company that somehow got passwords or identity info hacked that was stored in plain text...something I learned how to not do back in the 90s with basic HTML and PHP.
In short - I don't believe them. They all are using the same form letters, it's a scheme that they're all in on.
Either that, or every company has woefully underpaid/incompetent IT people
It's this one. Cox Communications, one of the largest telecommunications companies in the US with $11 billion in revenue, recently patched a bug on their self-serve portal that allowed anyone to access any customer's profile. The bug was that server requests weren't being authenticated. If you entered the right info into the URL bar you'd be given a page with anyone's customer info. No login needed.