Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dear Sir: Your Credit Card Number Has Been Owned

Posted by timothy on from the do-tell-good-man dept.

An anonymous reader submits: "California has become the first state in the nation to require companies victimized by malicious computer attacks to disclose what might have been compromised to their customers. Dubbed the Security Breach Information Act, companies whose systems are cracked and have credit card, bank account, and/or other significant customer data stolen are required to report the intrusion either by email, snail mail, a notice on their website, or by notification to the news media. Law takes effect Tuesday, July 1 (tomorrow)."

3 of 179 comments (clear)

  1. Posting on website wouldn't be enough by CastrTroy · · Score: 5, Interesting

    I don't think that posting the information on the website would be effective enough. Sites such as amazon.com may have my credit card number stolen. If I don't visit the site within the time frame that they are displaying it then I may never find out about it. They need to do something that requires less action from the users such as snail/e-mail. I don't think site postings should be allowed.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  2. ...posted in the basement with no lights. by janda · · Score: 5, Interesting

    To quote the parent:

    ...a notice on their website...

    Yea, all you need to do is find the white-on-white "click here" hyperlink.

    Like I'm supposed to go out every day and check every credit card site, all my bank account sites, every mutual fund site, every stock brocker site, etc, etc, etc?

    Why? Why does the company that has been hacked have to engage in a deliberate act (e-mail, snail mail, phone calls, whatever) except for this? Why not force companies to own up to their mistakes?

    --
    Karma: Food Fight (Mostly affected by Date Plate).
  3. make them pay by slugo3 · · Score: 4, Interesting

    why not make the company responsible for notifying my credit card company? Or better yet make them pay for fraudulent charges that I could prove were from their negligance?
    They screwed up they should incur the cost of cleaning up the mess. If companies were responsible to that degree than watch how high security budgets would skyrocket. If they shouldnt be responsible to that degree with my sensitive information than why bother passing legislation like this?