
Let me guess...
"We take your privacy very seriously".... blah blah blah....
And as usual nobody gets fired...
More than 600,000 sensitive files containing thousands of people's criminal histories, background checks, vehicle and property records were exposed to the internet in a non-password protected database belonging to data brokerage SL Data Services, according to a security researcher. We don't know how long the personal …
"And as usual nobody gets fired..."
Nobody goes to prison is the real problem.
Yes, getting punched in the face is a bit more traumatizing, but you could probably heal from that much faster and there are people that will help you to recover and run down the person that did it. Get your identity stolen, your finances whizzed up in a blender and the filth have no clue what to do, claim they can't do anything or pawn you off on another agency so you can listen to the version of "Girl from Ipanema" they have for their on-hold music.
"Yes, getting punched in the face is a bit more traumatizing, but you could probably heal from that"
Also you can heal from bankruptcy.
Privacy legislation needs to be underwritten by criminal convictions. GDPR is, but I suppose that's a bit too socialist verging on communist for the US.
"It can SERIOUSLY screw your life for decades"
Unless you're one of the disgustingly well-heeled, in which case all traces of the bankruptcy miraculously evaporate overnight and you continue business as usual, perhaps at worst with the inconvenience of having to create a new trading name.
I spent a good amount of time dealing with people who'd been bankrupt; one of them had been bankrupt twice and he was very interesting to talk to about the process.
You don't need to be particularly rich to make it relatively painless and easy to recover from; the key part is structuring your business "correctly" at the start.
"Also you can heal from bankruptcy."
The point I was making was for that, you'd be doing it all yourself. The government might even be an adversary in that process with loads of forms and appearances to show that you aren't the one that made the fraudulent charges, aren't dead, weren't liable for the tax since it wasn't you, etc. When you do clear up the mess, some office won't have been notified so you'll get an ominous notice about being seriously in default of something or another and might be put up on charges.
It's egregiously don't-give-a-fuck corporate malfeasance/ignorance such as this which will spark the rebellion of the neo-Luddites, and of people simply not putting up with it any more.
"Burn down the mission, if we're gonna stay alive.
Watch the black smoke fly to heaven; see the red flame light the sky."
I know there are laws involved in this sort of thing, but by far the most useful thing that the Researcher could have done was to delete all of the information in those buckets.
I would go with the following steps:
1) Call the company. Inform them and give them a day to lock the bucket.
2) If on the next day the bucket is still open, (using a VPN) delete all information in the bucket.
3) Call the company, and congratulate them for taking all the data offline, but ask them why they didn't just secure the bucket at the same time?
4) Exit Stage Left
Oh and probably check occasionally, to make sure they don't just add the data back into the unlocked bucket.
I'm sure with such terrific IT security, they would have back-ups of all of their data, right? Right?
It would need a law change first. Otherwise, ethical or not, cracking is still a crime. Deleting a file would fall into this capacity. The firm finding the issue would be at risk, rather than the untrained bod that put the file up there in the first place...
So unless the law is changed, in multiple jurisdictions, (good luck with that) to allow it, /shrug
The public needs to know who runs operations like this.
I keep suggesting this. For every category of personal information held on individuals, the execs need to publish and maintain their own on a public website. Most businesses already have an 'about us' section on their websites, so it would be easy to add that data to their exec bios. They'd probably argue they don't want this information made public. Well, guess what, neither do we.
A few times when I've been through the list of missed calls, I've typed the number into Google (or similar) and the results have turned up Excel or similar files containing partial matches... (I've never bothered to check further)
(the 'broadband support' guys seem to have returned in honour of Scam Safe Week! None for months then 3 in a week)
Situations like this are THE reason why everybody should take every step possible to prevent any and all unnecessary personal information from being handed over (or harvested!).
But, most people STILL can't get it into their heads that this kind of thing is possibly going to be the end result of their attitude to data mining by everyone and everything from supermarket loyalty cards/apps to the obvious villains like Google, Meta and Amazon. It staggers me why people won't comprehend that their details get passed on elsewhere and are likely to end up in the hands of a substandard organisation such as this at some point.
Identity theft will very likely screw their life and mental health up to a far greater extent than bankruptcy!