It is always tragic when news about data breaches and public dumps of said data affect tremendous numbers of victims.
The prevalence of these occurrences devalues each victim's identity to a point as to which I am sure, if asked, the victim would pay the frivolous amounts to the criminal networks to save the greater issues that come with identity theft.
It does not seem like the top leaders at organizations are as concerned with others' information as they might be with the bottom line.
What is the incentive? SOX or PCI compliance for stock options, or for the ability to use credit cards in the revenue stream?
We hear about massive compromises, but do not hear much about the repercussions of the breaches or the lack of concern for the security of customer's sensitive information.
If regulations do not influence business and security leaders, maybe fear of being the subject of a class action lawsuit might show the massive cost risk in the business model for security complacency.
Linkedin.com had about 6.4 million passwords dumped onto a Russian web site in a hashed form to be able to be cracked for those interested.
A few humorous articles showing the weaknesses of some of the passwords came about as a result, but I don't believe the user names of victims were published leaving this legal filing a little weak.
The punitive damages don't equate either, and I imagine the biggest winners for a situation like this are the litigators involved and the filing defendant.
However, it may open some eyes because money is going to have to be paid to the lawyers to defend against this, even if it does not have a solid legal basis or the show the ability to figure out the class of defendants or the true damages caused.
Whether I agree with this case or not, there has to be something done to generate true concern about the state of today's security and the treasures held on public Internet facing nodes.
If organizations do not respond to fear of embarrassment for failing at security, should we start taking them to court to formulate better consumer protections?