On 2022-04-24 at 00:44 +0200, Jaroslaw Rafa via mailop wrote:
> On 23.04.2022 at 14:48:05, Dan Mahoney via mailop wrote:
> > I would LOVE there to be legal structure to say “Gee, Equifax, you failed
> > to demonstrate the basic opsec of paying some junior admin to type `yum
> > upgrade apache-struts`, so you don’t get to keep my PII anymore.” I would
> > love if there was an option to simply put a flag on my SSN that says
> > “gather/sell no data” to any of the dozens of agencies that harvest this
> > (radaris et al) and package it up neatly.
> Isn't European GDPR something that is supposed to achieve exactly
> this?
> Yes, it doesn't work perfectly, and there are multiple companies that try to
> go around it in multiple ways, but it's a step in a good direction IMHO.
> At least at the moment when GDPR came into effect I observed a BIG drop in
> the amount of spam coming to my server. And still, after several years, it
> didn't return to pre-GDPR quantities yet...
> Of course YMMV, especially outside Europe...

Yes, I don't think GDPR would allow Equifax to process this data.* But
AFAIK they mostly work with USA data.

What made this incident completely embarrassing was that the apache-struts
vulnerability had been known for a very long time (6-9 months?)
and widely publicised. One might understand a small company not
"getting the memo", but such a big company? Didn't they have any
security people?
(it would probably have been harder than a yum upgrade, but using it on
production should have rung all alarms months before)

That said, I am kind of expecting a similar case of "big company that
should have known better getting compromised by obvious security fail"
with the log4j vulnerability that was discovered last December.

Best regards

* There are probably a number of loopholes though, such as your
companies (banks, insurance, utilities...) looking you up and reporting
certain data to this kind of services. But in general, things should be
much better under EU legislation than in the US.

mailop mailing list