In the article, the author introduces about the reason why it is hard to punish the companies for data breaches. Sometimes the companies did everything right. Data breaches are because of unlucky, so it is unfair and unproductive to punish them. The hardest part is to determine where the line is between companies that do their due diligence and those that are negligent. Companies do not spend much money on protecting their data. For the companies have data breaches, they should face a combination of consequences that included both fines and corrective security measures. The fines would need to be hefty enough to motivate greater investment in data security and cover their customers’ losses. That makes them understand it is time-consuming and money-consuming if they do not protect data well.
Facebook hack victims will not get ID theft protection
– Dave Lee
On Friday it revealed 14 million users had highly personal information stolen by hackers. It included search history, location data and information about relationships, religion and more. This information can be used by cyber criminals to create social engineering based theft programs on the 14 million affected users.
Typically, companies affected by large data breaches – such as Target, in 2013 – provide access to credit protection agencies and other methods to lower the risk of identity theft. But a Facebook spokeswoman told the BBC it would not be taking this step “at this time”. Users would instead be directed to the website’s help section. The spokesperson would not say if the help pages in question had been updated since the company discovered the recent breach.
Reference: https://www.bbc.com/news/technology-45845431?intlink_from_url=https://www.bbc.com/news/topics/cz4pr2gd85qt/cyber-security&link_location=live-reporting-correspondent