Share on
HTML EMBED
Click to Copy
Marketplace Morning Report

What makes a person vulnerable to financial fraud?

May 21, 2019

Latest Episodes

Share on
HTML EMBED
Click to Copy
Marketplace Morning Report
Share on
HTML EMBED
Click to Copy
Marketplace Tech
Share on
HTML EMBED
Click to Copy
Share on
HTML EMBED
Click to Copy
Marketplace Morning Report
Share on
HTML EMBED
Click to Copy
Share on
HTML EMBED
Click to Copy
Marketplace Morning Report
Share on
HTML EMBED
Click to Copy
Share on
HTML EMBED
Click to Copy
Marketplace
Share on
HTML EMBED
Click to Copy
Share on
HTML EMBED
Click to Copy
Marketplace Morning Report

The age of fraud

May 17, 2019

Why do companies wait so long to tell us we’ve been hacked?

Kimberly Adams Sep 11, 2017
Share Now on:
HTML EMBED:
COPY

How long can a company hide the fact that your data has been hacked? Depends where you live.

“Forty-eight states have laws that govern notification about security breaches,” said Chi Chi Wu at the National Consumer Law Center. “Most of them use a standard of, you know, ‘as soon as reasonably possible.’”

There’s a lot of wiggle room in “what’s reasonably possible.” Chester Wisniewski of cybersecurity firm Sophos said there are some good reasons why companies delay, like waiting for law enforcement or winnowing down the list of those affected.

“They want to be sure that they’re not notifying everyone and creating undue panic and also undue cost of course, because there is a cost associated with every victim,” Wisniewski said.

Equifax knew in July that the very sensitive data of 143 million customers were in the hands of thieves. Consumers found out last week. There were big gaps with Yahoo, Target, the Office of Personnel Management, too — gaps that could put consumers at additional risk. 

Equifax said in a statement it notified victims “as soon as we had enough information.” Some consumer advocates and lawmakers have called for federal laws mandating how long companies can wait before revealing a data breach.

Marc Rotenberg at the Electronic Privacy Information Center wants stronger notification rules, “but if that national standard operates at a lower level than the protections that the states are currently offering, or discourages states from developing new protections that Washington hasn’t thought of, that would be a mistake,” Rotenberg said. Protections like the ability to call in a credit freeze, a move many are making now.

Rotenberg warned Congress something like the Equifax breech might happen back in 2011 testimony, asking Congress to pass a bill requiring victims of data hacks to be notified within 48 hours. The legislation failed. 

How We Survive
How We Survive
Climate change is here. Experts say we need to adapt. This series explores the role of technology in helping humanity weather the changes ahead.