Very seriously?
Why is the first statement from companies with terrible intrusion detection along the lines of taking security very seriously?
Around 1.7 million people will receive a letter from Florida-based Slim CD, if they haven't already, after the company detected an intrusion dating back nearly a year. Slim CD provides payment processing solutions, thus credit card numbers along with their expiry dates are among the data types potentially compromised in the …
"Slim CD takes the confidentiality, privacy, and security of information in its possession very seriously,"
"Upon discovery of this incident,"
I suggest you review these 2 statements as something does not ring true. I suspect 2 is quite correct, but 1 is clearly wrong on so many levels if it has taken nearly a year to find out
This is where the penalties are simply insufficient.
If they are made meaningful then all that will happen is these useless companies that are compromised will not disclose unless it is found by third parties.
At that point the penalties need to be so severe that if they are found they basically stop operating.
Massive fines for directors & custodial sentences, all company assets seized (including any funky manipulation) and then redistributed to those affected.
No need for lawyers to take 90% because it is enacted as company law.
"Slim CD takes the confidentiality, privacy, and security of information in its possession very seriously........ upon discovery of this incident....." the company said in a letter to potentially affected individuals.
"However, prior to the discovery of the incident we didn't give a rat's ass about security," the company didn't say in a letter to potentially affected individuals.
I mean, I don't think there really needs to be an apology. Placing blame on victims (even if the credit card holders are the true victims, this company was still the victim of a malicious attack) isn't great and something that really needs to stop. It's either a vacuous and meaningless sentence tacked on to the end of a statement to make everyone feel better, or it's blaming the victims.
Not a single comment on this post is actually angry at the thieves, just the poor PR from the company. I get that we're giving them our data and trusting them - but really - blame the actual people who stole it...
I'm sure the consensus is utter contempt for the perpetrators, that goes without saying.
The comments allude to the fact that the existence of cyber-scum is and was well known but this company failed to take adequate protection or have detection protocols that would have found the intrusion earlier.
As for their PR, we know, they know, everybody knows; it's meaningless platitudes designed to have the appearance of doing the right thing without actually doing it.
@dlinacre
Let me put it this way to you.
If all your personal information and money was kept in a bank, but then the bank left the doors wide open, with it all sat on a desk, for anyone to walk in and take would you not be angry at the bank?
Then the same bank turns around and says, oh we screwed up, but it's ok, all YOU have to do is constantly check on a regular basis that no one is using that info, and if they do YOU have to clear up the mess.
Oh as a side issue, we suggest YOU change all your bank cards and passwords.
is the shift of responsibility.
They suggest YOU monitor your credit status.
YOU have to change all your banking cards and deal with all the shit that goes with it.
YOU have to change all your passwords and logins.
And if anything happens, YOU have to clean up the mess.
And THEY, well, they have to pay to do what they should've been doing for years. Protect their systems.