Vistaprint exposes customer data via unsecured database – #security #privacy #cloud https://t.co/OsFTeB2aXf
— Nigel Gibbons (@NRG_fx) November 26, 2019
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
“Regardless of the number of individuals affected, the type of information exposed leaves Vistaprint\’s customers vulnerable to identity theft and fraudulent activity. The number of those affected will have an impact on repercussions; Vistaprint may face from data privacy regulation fines. With GDPR in full effect, we’re beginning to see massive fines levied against companies and CCPA is set to take effect in January 2020 which calls for fines ‘…not less than $100 and not greater than $750 per consumer per incident or actual damages, whichever is greater.’ While there might be less damage control, the information is still readily available on the dark web.”
“One of the key pillars of capitalism is that companies do what is right, because doing the wrong thing costs them money and their shareholders react by changing the board. But what happens then when boards fail to understand even the most simple of Information Security principles and worse, when the shareholder organisations are similarly ill-equipped to understand the risks?
Presumably, national Information Commissioners will continue to fine these organisations until either they learn, or eventually a younger, more security-savvy generation of executives take over. In the meantime, we can all expect to have to replace our credit cards semi-annually and ensure we’re signed-up to credit check agencies.
National governments stand to make a small fortune from these fines, but little of that is likely to come back to the individual victims of data theft. We have a long road ahead of us and I have yet to discern the faintest glimmer of light at the end of the tunnel.”