Bloomberg on the Equifax data breach:

[K]eeping data secure is difficult, and Equifax is hardly the first company to let people down in this fashion. Also, it’s too soon to know how the breach happened, whether the company was negligent, and what kinds of additional defenses could have made a difference.

Um, you are wrong, subprime breath.

Dave Schuler grasps the obvious:

Let’s stop right there. By definition if you’re robbed the controls you have in place were inadequate to prevent the robbery. You were negligent. What the editors of Bloomberg are talking about is criminal negligence.

That’s why I’ve been arguing for strict liability. Equifax should be held responsible for the consequences of their actions and inactions whatever its managers’ intent and whether or not they were reckless. It also explains the math I’ve been citing: if every individual whose data has been exposed due to Equifax’s heedlessness is compensated for a single hour of remedial action and/or worry about it, that alone would be enough to break the company.

Think Takata and airbags.

[T]here are already plenty of laws on the books to deal with this situation. What is missing is the will to enforce them.

Isn’t that usually the case?


  1. McG »

    20 September 2017 · 10:52 pm

    Nobody wants enforce laws that may snare them next. I suspect much of our politics may be explained in Act I of “The Mikado”.

  2. fillyjonk »

    21 September 2017 · 5:57 am

    In before someone somehow blames the “consumers’ (who really are apparently actually the “product” of Equifax – we didn’t ask them to hold our data) for not being more attentive or somesuch.

    This is a bigger version, I think, of the “oh noes, skimmers are being installed on credit card readers so customers should just carry wads of cash everywhere to avoid the problem”

  3. Holly H »

    21 September 2017 · 11:53 am

    I went to the Equifax website to accept their offer for free monitoring. It asked me to enter the last 6 of my social, and last name. Then it computed for a few seconds, and came back with “Yes, you probably were compromised.”

    Then my son tried it, using bogus numbers and name. Guess what? He got the same message.

    ie, EVERYBODY probably got compromised.

RSS feed for comments on this post