Comment by jmclnx

9 months ago

>As reported by Bloomberg, news of this massive new data breach was revealed as part of a class action lawsuit that was filed at the beginning of this month.

I am so looking forward to getting my 2.99 USD check from this suit. Of course I need to apply for that check via an on-line site and give them all my personal information.

Great time to be alive.

Here's a fun thought experiment.

How much should National Public Data have to pay the people affected by this breach? The article says there are 2.9 billion people impacted. Let's take that at face value and assume that there are no duplicates in there. How much should each person receive? The article also says that USDoD tried to sell the data for only $3.5 million, so they value it at roughly $830/person.

Now, in class actions, not everyone takes the deal. Most people ignore it or never pay attention to the notice. Let's say, very generously, 10% of those affected take the deal. That would be 290 million people. If you gave each of them $100, that would be $29 billion dollars. Do you think National Public Data even has that kind of money? What if we gave everyone just your $3? That's $870 million. I don't think this data broker probably even has that much money.

Your only real hope of getting a sizable payout from this class is either a) NPD is sitting on a mountain of cash or b) a very small percentage of users get paid. Anything else and the money isn't there.

When people say that there need to be criminal, go-to-jail type repercussions for not securing data, this is why. People value their freedom much more than businesses value staying solvent.

Planet Money just did a great episode on how class action lawsuits actually work, from both sides[1].

[1] https://www.npr.org/transcripts/1197961271

  • > The article also says that USDoD tried to sell the data for only $3.5 million, so they value it at roughly $830/person.

    When I divide 3,500,000 USD by 2,900,000,000 people, I get $0.0012/person. How do you get $830/person?

  • I don’t want their $3 or even $3000, if I am eligible for payout.

    Instead, I’d like to force this company (and others similarly) to put all kinds of precautions in place. Also warn them that the next breach would result in severe penalties, assuming they could’ve prevented the breach in the first place.

    • I would rather put these clowns out of business, as they obviously can't be trusted in the first place, and are undeserving of a second chance after causing one of the largest leaks of PII in history. They should not have an option of paying a fine, putting in whatever "mitigating controls" a useless audit lets them skirt by with, and continuing business serving our data they never should have been allowed to possess in the first place.

      Where do these scumbags even begin to get this information on every human's most intimate data, and what allows them to operate as a trusted source of protecting this information?

      I also want to know who does their audits, and who regulates them?

      It is unbelievable organizations can appoint themselves resellers of OUR information without any of us even knowing who they are or how many there are.

      This is an industry the FTC should be involved in regulating heavily. Lina Khan always needs a new degenerate company to kick around, let's start with these guys.


  • > Do you think National Public Data even has that kind of money?

    If they don't have insurance for this precise problem then I think we should go after the owners personally. I'm sick of the shell game. Pierce the veil.

  • A fun thought experiment: the company loses the suit, with both actual damages and punitive damages large enough to bankrupt the company. The company is sold for parts and other companies become a little more wary of repeating the same mistakes (hopefully better security around their core business value).

    This suit opens the company to discovery in which several jurisdictions get access to their books and methods, opening them up to litigation and prosecution in places like the EU.

    The $2.99 check is not the only benefit I get from a class-action lawsuit.

  • Only 450 million SSNs have been assigned (and only 1 billion are theoretically possible...)

  • No, they should sign you up for free Credit Monitoring for 7 years. All I would get is a letter stating something like this: "Your Credit is being monitored by firm xxxx, you will receive notices from them by Mail when items of concern are noticed" along with a real direct line phone number to call with questions.

    I should not have to do anything nor give any information. Why 7 years? That is equal to the Statute of Limitations for saving US Tax Documents.

    That alone will end these breaches almost overnight.

You don't get a check, you get a gift card for a credit monitoring service that you will never use because all your data leaks all the time already.

Motherfuckers asked my wife her SSN when she was getting a store card the other week. Not a credit card, a store card.

  • I had a pawn shop try to take my social to buy an air paint sprayer. They said it was a city ordinance.

    I left empty handed, even though I think SSN shouldn't be used as a password.

    • Now that would be a violation of federal law. I would inform the store that my wife is a lawyer, and we can have her law firm contact their law firm to discuss why they are in violation of federal law.

      Then I would ask them if they want to reconsider this possibility.

      Now, if you actually want to use this tactic, I would suggest you look up the federal law in question, so that you can quote it by section and paragraph. Maybe keep a printed copy with you.

    • air paint sprayer seems innocuous, but given the problem of graffiti (no matter where you actually live), they likely weren't lying to you.


  • Technically, they’re still a creditor, and creditors get special privileges when it comes to things like that. So, while I would refuse, it’s probably not a violation of federal law.

  • What is a store card in that case, and how does it differ from credit card (other than, I assume, the place you apply)?

    The store cards I have seen are simply store-branded credit cards.

    • Based on the intonation, I'm guessing it's a "loyalty" card - it tracks your purchases, unlocks some level of default discounts, and will often accrue points you can then use for various purposes. Giant Eagle in the US is a good example - you earn points for every dollar spent, then you can redeem the points for percent off gas at their gas station, a percent off coupon, etc.

      (the above description is very bland - add in anti-capitalist/m messaging wherever you deem appropriate, I won't argue)

    • Some store chains still have their own credit cards that aren't just co-branded. Far less common these days but I've still occasionally signed up for discounts on large purchases.

    • > What is a store card in that case, and how does it differ from credit card (other than, I assume, the place you apply)?

      It's not a credit card, debit card, or any other kind of payment card. It's not even, like, a COSTCO membership card.

      It's a tracking card that is used by the store to track your purchases in exchange for a small discount on some items if you swipe it at checkout.


  • Actually, you get one free year of credit monitoring.

    After the first year, you'll be asked to pay for monitoring.

    • Actually, you'll need to input your credit card or other payment details for the one year, and after the first year they'll automatically remove money from it. Cancellation is not possible.


    • Given how many data breaches I've been in, I'm pretty sure I have more unclaimed years of free credit monitoring than there are grains of sand on a beach.