Re: [cryptography] [Cryptography] cost-watch - the cost of the Target breach

2014-12-06 Thread Dave Horsfall
On Sat, 6 Dec 2014, Jerry Leichter wrote:

> The British banks have always been much better at fobbing responsibility 
> off on consumers than the American banks - hardly something to be proud 
> of.  (I don't know what the state of play is in the rest of the 
> world.)

If it's any help, Australian law tends to follow British law, and is 
slowly rolling out CP; Europe, of course, has had it for ages.

And yes, Australian banks used to sue their customers too, for such things 
as reporting weaknesses in their own systems.

-- 
Dave Horsfall DTM (VK2KFU)  Bliss is a MacBook with a FreeBSD server.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


[cryptography] cost-watch - the cost of the Target breach

2014-12-05 Thread ianG
I often point out that our security model thinking is typically informed 
by stopping all breaches rather than doing less damage.  Here's some 
indication of damage.


http://bits.blogs.nytimes.com/2014/12/04/banks-lawsuits-against-target-for-losses-related-to-hacking-can-continue/?smid=tw-nytimestechseid=auto_r=0

...
The ruling is one of the first court decisions to clarify the legal 
confusion between retailers and banks in data breaches. In the past, 
banks were often left with the financial burden of a hacking and were 
responsible for replacing stolen cards. The cost of replacing stolen 
cards from Target’s breach alone is roughly $400 million — and the 
Secret Service has estimated that some 1,000 American merchants may have 
suffered from similar attacks.


The Target ruling makes clear that banks have a right to go after 
merchants if they can provide evidence that the merchant may have been 
negligent in securing its systems.

...

At the time of its breach last year, Target had installed a $1.6 million 
advanced breach detection technology from the company FireEye.


But according to several people briefed on its internal investigation 
who spoke on the condition of anonymity, the technology sounded alarms 
that Target did not heed until hackers had already made off with credit 
and debit card information for 40 million customers and personal 
information for 110 million customers.
