Biggest Hack so far: 100 million T mobile customers personal data including social and DL

We’ve been screwed since the Equifax hack.

 

I never got a dime from either Equifax or Yahoo’s breach’s.

 

Why would a cell phone company have your SSN?

 

Cell phone companies often do a soft credit check when a customer does equipment installment payment plan on a phone.

 

There is no real standard for security in the world of tech and bad practices are rampant, from personal experience. There are things like SOC-2 compliance, but its not mandatory and for most companies that started from founder-led startups where the founder has little traditional CS or development experience (surprisingly a lot) the only thing on their mind is ROI. If things are NOT built from the ground up to certain standards then its impossible for companies to focus on it vs. chasing whatever has an actual ROI.

Don't want to name names, but we had a personal audit on how long it would take to get us to SOC-2 compliance. About one to two years and its since been ditched.

Also, for most places while they let you deactivate your account, etc. the data still lives in a data warehouse or archives somewhere. Never gets scrubbed -- its there forever.

Finance and healthcare do have a lot of additional requirements, but we've seen breaches there too. So while big companies are losing data like this periodically, its probably happening a lot more frequently (and quietly) for mid and small size companies.

 

Verizon and ATT do hard pulls as im sure TMobile. They are not soft.

I will cavet and say this may have changed over the last couple years. If you give your SSN, expect a hard pull. They always lie.

 

Good to know. Thanks!

 

I think it maybe time to stop giving away so much information
cause they are not good custodians of our information these days

Rocket River

 

Most definitely.

Seriously. . .. If a company is making 10 million a year
They probably not going to invest 2 million in protecting customer data
even if it is a one time investment . . .

Give up 20% profit for something that is not profit producing?????
nnnaaah . .. it'll be fine

Rocket River

 

When I met my now wife she had applied to be a travel dentist for the military. There was a hack and they got all of her information from the government. Since then almost every year someone tries to file her taxes. We stopped getting mail a couple times and post office said someone requested for them to hold it. It is a pain to deal with.

 

Haven't tried with the phone companies, but always worth asking for other options. If they'll take a deposit or something else I'll normally go that route. Last time I switched energy providers they wanted my social. There's no way they need that, go ahead and hold some money until next year when I move to the next company I've never heard of before.

 

Not realistic to put the burden on hundreds of millions of individual consumers to protect themselves. We need laws that require businesses to protect their customers' data privacy and pay the price of their failures. If they have a business model that can't sustain that level of responsibility, don't the door hit you on the way out.

 

True but the regulations have to have teeth
We need a Corporate DEATH PENALTY
where the government can shut down a business for gross negligence and incompetence

Rocket River

 

Honestly . . . ID Theft and the like needs far more punishment than they get
If caught . .. Chop off their f*cking fingers

Rocket River

 

I remember after BP's Deepwater Horizon disaster, I wanted a corporate death penalty. They screwed up so bad and caused so much damage, I wanted to be able to revoke their license to exist. Thinking back a decade later, I honestly still like the idea. I still hold a grudge against BP and wish we could have forced them into annihilation.

But, (having some work experience in industry regulation) I can already hear the howls of the lobbyists. And some good counter-arguments. But, we needn't let perfect be the enemy of good, as my father would say. Stronger regulation over our data privacy and security would still be good even if we don't manage to make it as strong as it needs to be. The EU has a stronger regimen; it's not perfect by any means, but we could follow in that direction. We need something, because consumers are left feeling like they're left open for the pickings.

 

These companies shouldn't ever store your sensitive data. After the credit check, discard it immediately. Make it a huge penalty for not complying and a bigger penalty for breach.

 

Killing a corporation only hurts the share holders and allows the incompetent executives to simply recreate a new company to rinse and repeat.

Level C management and board members need to be held responsible.

But in America, we like to hold clown shows with all politicans as the jesters while corporate american leadership plunders americans wealth.