Dear online retailers
#1 Stop archiving information on your customer base for any longer than necessary, by which I mean longer than the chargeback window of the associated credit card.
#2 Put some ****ing security on the information you do keep. Encrypt your database; with modern computers the overhead in cost and latency is minimal.
Sadly, until retailers are themselves financially responsible for the harm caused by low security data (which will feed the class action sharks, unfortunately) there is no 'evolutionary' pressure to change the way they do business.
IIRC in an early and infamous breach of a debit and credit card database, the TJX breach (T.J. Maxx, Marshalls, etc.), the company had data on its customers' accounts going back at least five years. WTF are they doing keeping this much data? If you bought one thing in one affiliated store ever, you were as much at risk as anybody else. Multiply that by the number of companies you do business with via credit card.
The OPM breach was even worse. If you had a background check they know everything about you needed to steal your identity. If you have a clearance like I do they have that information on your family and even possibly some of your friends.
I have my data stored on my desktop Mac with far greater security than almost every entity I do business with uses. You can personally follow best practices and be savvy and cautious in how and with whom you do business, and one careless operator can undo it all.