Last month, the First American Financial Corporation—which provides title insurance for millions of Americans—acknowledged a cybersecurity vulnerability that potentially exposed 885 million private financial records related to mortgage deals to unauthorized viewers. These records might have revealed bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images to such viewers. If history is any guide, not much will happen and companies holding sensitive personal information on individuals will have little incentive to improve their cybersecurity postures. Congress needs to act to provide such incentives.
The story is all too familiar, as news reports of data breaches involving the release of personal information for tens of millions of, or even a hundred million, Americans have become routine. A company (or a government agency) pays insufficient attention to cybersecurity matters despite warnings that the cybersecurity measures it takes are inadequate and therefore fails to prevent a breach that could be remediated by proper attention to such warnings. In the aftermath of such incidents, errant companies are required by law to report breaches to the individuals whose personal information has been potentially compromised. Frequently, these companies also offer free credit monitoring services to affected individuals for a year or two.
What happens afterward? The companies incur some expenses in the notification of the breach and in providing credit monitoring for the fraction of individuals who sign up, and they usually approve spending money to take additional cybersecurity measures. Their insurance rates may increase as well. However, those whose sensitive personal information was compromised are still left out in the cold. Companies responsible for breaches often assert that the mere compromise of personal information is not an injury—the indi ..
Support the originator by clicking the read the rest link below.
