Tuesday, January 10, 2006

Security? We don't need no stinkin security

Ya mon....The Bahamas, land of 'no worries mon' and beautiful white beaches. Home of one of the most luxurious hotel/resorts in the world, the Atlantis. Where apparently computer security takes a back seat to making sure that the drinks are appropriately watered down for all the tourists.
A story today on Security Focus talks about how upwards of 50,000 people had their records stolen from a database that the hotel had compiled.
Now, just curious, but how in the heck can companies be so lax in their security with all the incidents that have happened over the last several years. I am a security professional, and as such I am probably way more paranoid than most in this subject, but I fail to see where it is that companies like this are even taking the most BASIC steps to keep their customers data secure.
And then they have the balls to offer 'free credit monitoring' to their affected customers.
My bank, Lasalle Bank, lost a backup tape containing info on over 2 million of their mortgage customers and offered their customers a subscription to a credit monitoring service for 90 days. Apparently the good customers of Lasalle didn't think that was good enough and plenty of us called to complain and as a result they upped it to a year. A bit better, but still, do any of you know the cost to clean up your credit after your ID has been stolen? I have a close friend who does. She's STILL working on making sure her stuff is clean after several years (heya S). I loved going on jobs with her and having a client make light of times when client data may have vulnerable and watching the steam come out of her ears as she lit into them.
Bottom line, we as consumers need to hold these companies responsible for their incompetence and negligence. We need to stop patronizing places that can't secure their data. We need to file class action lawsuits against companies that allow hackers to pwn their stuff with impunity.
Stick up for yourself Americans... no one else will.

No comments: