Delicious irony: Credit rating builder Loqbox lets customer details and card numbers slip after 'sophisticated attack'

Fintech startup Loqbox has fessed up to suffering an "attack" which potentially revealed its customers' names, postal addresses, dates of birth, email addresses and phone numbers. The company, which aims to help consumers improve their credit ratings, told customers that an external attack had compromised the two digits of …

  1. BebopWeBop
    Headmaster

    The fines they are 'acomin'.

  2. ComputerSays_noAbsolutelyNo Silver badge
    WTF?

    Why?

    If even the tech-industry can't figure out security, the companies that invented the computer, the internet, why in Cthulhu's name should we trust banks to figure out computer/internet security?

    1. ThatOne Silver badge
      Devil

      Re: Why?

      > why in Cthulhu's name should we trust banks

      Because they want so, and have enough influence to make their wishes come true.

  3. Scott Broukell

    Dear customer, we are really, really, sorry about this sort of a thing happening. Doh! there it all goes again! You do know that all these billions of bits of data that you gave us are flying around all over the place really, really, quickly, inside some very, very, expensive computers (that you are ultimately paying for), and that it's damned difficult to keep hold of it all terribly securely.

    But don't worry too much, there's probably a clause, somewhere, that you implicitly agreed to when you signed up to our service and we feel sure that that will be enough to exonerate us from any responsibility. Meanwhile may we suggest that you change your name by deed poll, move house, change all your phone numbers, change ISP, change all your social media account passwords, change all of your other passwords and switch your bank account to another bank, simple!!

    We look forward to going forward with you on a forward looking customer focused data journey in the lovely fintech future and feel sure that we will be able to manage your personal data more securely in that shiny, shiny, future by, maybe, stuffing it all in some old manilla envelopes down the back of the filing cabinet, or something.

    Go forward together with us to a brighter digital financial future (cos we don't like to look back too much at all the damage and chaos that we have left in our wake), or take any 'credit' for it.

    -----------------

    Oh! bright, bright, shiny SECURE! digital future wherefore art thou?! (cos a lot of people would like to know)

    1. CrazyOldCatMan Silver badge

      digital future wherefore art thou

      Behind the triple-locked door marked "too expensive to open".

    2. EnviableOne

      at least it's better than "we take the security of our customers' data seriously"

      IMHO, they have done the right thing:

      Admitted it happened

      Got in some experts

      Told everyone (including customers and regulators)

      and made changes to stop it happening in the future

      1. Alan Brown Silver badge

        "IMHO, they have done the right thing:"

        I'm pretty sure they were handed a warning attached to a deadman switch.

        IE: "If you don't disclose this, it will go public on XYZ date via a third party in another country you can't stop, along with the fact that you were given the warnings - and by the way there's a copy in registered surface mail making its way to US financial regulators at the moment, so you'd better act before they do"

  4. ThatOne Silver badge
    Devil

    Deja vu

    Some company playing fast and loose with people's private and financial information, getting eventually hacked (it's a question of "when", not "if"), and then emitting a vague "we take our customers' well-being very serious, now get off our case already" type statement. Where have I heard this before?... Oh no, it wasn't some over-the-top Hollywood disaster film, no, it was the news...

    21st century, the century where your financial and social well-being is never safe.

  5. 0laf

    Compromise bingo

    "sophisticated attack" - CHECK

    "customer data secured" - CHECK

    I'm looking for "Our customer's data is our top priority" for a full house.

    1. Anonymous Coward
      Anonymous Coward

      Re: Compromise bingo

      Damn. I was waiting for "Our customer's security is very important to us"

    2. Korev Silver badge
      Windows

      Re: Compromise bingo

      "sophisticated attack" - CHECK

      You mean aws s3 sync s3://lovely-public-bucket . ?

  6. find users who cut cat tail

    The biggest loss is not the customer details. The biggest loss for society is that ‘credit rating builder’ is a valid (and possibly necessary) service.

    1. Claptrap314 Silver badge

      Some thought experiments should demonstrate why such a service is a good thing. Credit ratings allow businessmen to extend themselves in otherwise risky transactions with people they do not know with reasonable expectations of not being wiped out. Consumers that perhaps have not had the opportunity to build credit engage in a low-risk transaction to demonstrate that they can be trusted to make payments.

      In 1988, I was enlisted in the US Air Force. The airline MUCH preferred I use a credit card. After some serious back-and-forth, I was able to get a card--$1500 limit, I think, with a $60/year annual fee. That was a MUCH more difficult and expensive service than this appears to be.

  7. Midnight

    > "This was a sophisticated cyber-attack on our company which we are still investigating."

    Ah, so the database was stored in an unsecured Amazon bucket then. Got it.

  8. TheFurryCircle

    I forwarded my copy of the email to El Reg on Saturday after receiving it. Mostly due to this closing line, which irritated the crap out of me:

    "We want to thank you for your goodwill and support as our team works around the clock to help those impacted"

    No Loqbox, you are not the victim or saviour here, and the 'goodwill and support' is downright cheeky... The remainder of the email is the usual weaselly nonsense that you've all seen many times.

  9. fidodogbreath

    This is why I avoid financial aggregators like Mint, Yodlee, etc. It's bad enough that each individual bank, brokerage, etc. seems to struggle with data security. But with aggregators, an attacker can get all of their customers' data for all accounts in one breach. That's way too big a risk -- especially since these companies don't do anything that you can't do for yourself with a spreadsheet.

    1. IGotOut Silver badge

      Don't want to alarm you, but your data is already aggregated by multiple companies. Otherwise you wouldn't have a bank account.

  10. IGotOut Silver badge
    Facepalm

    Oh the irony...

    Twitter users complaining about loss of personal information.

  11. Mike 137 Silver badge

    "This was a sophisticated cyber-attack on our company ..."

    It's always "sophisticated" until the investigation shows it was a complete pushover.

  12. Alan Brown Silver badge

    > It's always "sophisticated" until the investigation shows it was a complete pushover.

    Hopefully someone will disclose how thin the tissue of lies actually was.
