Is this only US employees?
Is this only current employees?
Are they going to “pony up” for those of us who have escaped recently?
Staff records – from social-security and corporate credit card numbers, to passport and bank account details – were siphoned from Cognizant by hackers who then doused the IT contractor in ransomware. A pair of disclosures [PDF] from Cognizant to the California Attorney General's office, mandated by US state law, this week shed …
Is this going to be the next status quo from companies? Sorry we leaked all your data, here, have a crap service from us incase your PII is used elsewhere?
At some point, there needs to be some form of compensation to the Data Subject, beyond a crap ID checking service being chucked around for free.
Let's hope Data Protection Laws on either side of the pond don't just get used to fill up treasury coffers, I'm sure we'd hate to see Data Subjects being leveraged for financial gain now wouldn't we??? :)
How much of that personal data was needed? That's actually needed as opposed to "needed" because someone wanted it.
For instance if the business is providing company credit cards why should they need employees' credit card details? I'd like to think that at some point the penny will drop and these businesses will realise that all that "valuable data" they've been hoarding is really toxic waste.
Reading between the lines a bit, I wonder if it was anyone/everyone with a company credit card who had their personnel jackets "misappropriated"?
The employer needs all that info for payroll, pension, medical insurance, reduced-cost loan schemes (bike or car purchase schemes, forex), and all the other interactions between employer and employed. Here in the UK, driving licence or passport info can be used to prove someone has the right to work here so that can count as necessary data. While it would be nice to imagine every employer could have their Personnel information on a system completely isolated from the Internet and only move across the really necessary data when it's really needed, reality is never that accommodating.
"The employer needs all that info for payroll, pension, medical insurance, reduced-cost loan schemes (bike or car purchase schemes, forex), and all the other interactions between employer and employed. ..."
Yeah, but the employer does NOT need to keep it all on a poorly secured Internet-facing system.
Speaking as an employer, we keep stuff like that in (locked) filing cabinets in the office, and the only things of that sort that we put on the computers are the things that our certifiably insane government insists that we keep on the computers. Which, unluckily, seems to be more and more and more and more, as more and more idiotic ideas keep coming - primarily from HMRC, who couldn find their collective arses with their hands tied behind their backs.
Biting the hand that feeds IT © 1998–2020