this post was submitted on 16 Sep 2024
228 points (98.7% liked)

Technology

72931 readers
3117 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
228
23andMe agrees to $30M settlement for breach lawsuit (www.scmagazine.com)
submitted 10 months ago by sirico@feddit.uk to c/technology@lemmy.world
37 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Telorand@reddthat.com 19 points 10 months ago (3 children)

Seems like a paltry amount, given what savvy social engineers could do with that data.

If you don't use proper security practices, you should be on the hook for prison time at a minimum.

[–] douglasg14b@lemmy.world 5 points 10 months ago* (last edited 10 months ago)

It should be $0 because this was a credential stuffing attack (Using breached passwords people reused), and affected people who knowingly shared their data with other people.

23&me didn't leak data, they didn't have any database breaches, their infrastructure wasn't compromised due to negligence...etc The majority share of negligence is in the users here.

Yes, they should have MFA, but also no, most sites and services don't force you to use MFA to begin with, and that's not a regulatory requirement anyways.

This is, for the most part, the fault of the folks using terrible security practices such as refusing passwords and sharing their data with other users. And this is a shitty precedent to set where the technical reasons for this event are thrown out the window in favor of the politics of it.

[–] helenslunch@feddit.nl 3 points 10 months ago (2 children)

Who would you jail? How would you decide whos responsible? You can't jail the entire company.

But with a sufficient size fine you can make everyone at the company regret that decision, directly or indirectly.

[–] Telorand@reddthat.com 6 points 10 months ago (1 children)

Who would I jail? The C-officers. Your shit show, your responsibility. If you can't trust your employees, figure out why or do the work yourself.

[–] gsfraley@lemmy.world 9 points 10 months ago

I've always been hugely in favor of it. It's the one change that could maybe justify their gargantuan salaries -- if your company causes harm and suffering, the leaders absolutely need to be put on the hook.

[–] Damage@feddit.it 0 points 10 months ago (1 children)

You punish everyone in proportion to their responsibility

[–] helenslunch@feddit.nl 1 points 10 months ago

But they're not suggesting they be punished at all...

[–] helenslunch@feddit.nl 2 points 10 months ago (1 children)

So all the people who actually make the decisions walk away scot-free?

[–] Telorand@reddthat.com 1 points 10 months ago

I didn't say that. However, if delegation is too risky, do the work yourself.