Slashdot Mirror
CareFirst Admits More Than a Million Customer Accounts Were Exposed In Security Breach
An anonymous reader writes with news, as reported by The Stack, that regional health insurer CareFirst BlueCross BlueShield, has confirmed a breach which took place last summer, and may have leaked personal details of as many as 1.1 million of the company's customers: "The Washington D.C.-based firm announced yesterday that the hack had taken place in June last year. CareFirst said that the breach had been a 'sophisticated cyberattack' and that those behind the crime had accessed and potentially stolen sensitive customer data including names, dates of birth, email addresses and ID numbers. All affected members will receive letters of apology, offering two years of free credit monitoring and identity threat protection as compensation, CareFirst said in a statement posted on its website." Free credit monitoring is pretty weak sauce for anyone who actually ends up faced with identity fraud.
The only way to fix this is criminal liability, with very stiff fines.
If they're going to continue to be incompetent at security, hit them where it hurts ... right in the profits.
As long as corporations can say "oops" and just pretend that two years of credit tracking like this, nothing at all will change.
Until then, corporations will be as incompetent and lazy as the law allows ... which is pretty much as incompetent and lazy as they want to be.
If you don't make the company pay actual fines, escalating to much bigger things for repeat offenses, corporations will simply do whatever their PR consultants tell them they can get away with ... basically nothing.
Lost at C:>. Found at C.