ShinyHunters posted on Tuesday night in a hacking forum that it obtained data from Ticketmaster and its parent company, Live Nation, including customers’ names, addresses, emails, phone numbers, and order details, Cyber Daily wrote. The group is reportedly attempting to sell the stolen data for $500 million.
From this other link: https://www.abc.net.au/news/2024-05-29/ticketmaster-hack-allegedlyshinyhunter-customers-data-leaked/103908614
It said 1.3 terabytes of customer data possessed by Ticketmaster including names, addresses, credit card numbers, phone numbers and payment details is up for sale.
“Did you cut security staff?”
“Yes.”
“How much?”
“70%”
“And did that lack of security cause a security breach?”
“Yes.”
“And how much money did that cost us?”
“2 million dollars.”
“And how much did the security team that was let go cost us?”
“$500,000 per year.”
“So, we break even after 4 years, and profit after 5?”
“Uhhhhhhh…I guess?”
“Good work Johnson”.
heh, you don’t know how true this is. I’ve worked in IT for 2 decades. IT is pretty much always seen as a cost center.
If everything is running smoothly - “what are we paying you for?!”
If everything is on fire - " What are we paying you for!?"
And now with companies getting the tiniest of slaps on the wrists for willful negligence it’s cheaper to cut IT funding, outsource it, whatever.
If the cost of the fine is less than the profits gained by doing “x” then that’s just the cost of doing business. Execs will continue to do this until there are real consequences for the company and them directly.
Until there are proper incentives for executives (e.g. full asset seizure and mandatory multi-year community service in roles such as junior janitor, junior hospice care specialist, live-in support for late stage alzheimer’s patients) that require them to take ownership and responsibility for their actions (or lack of thereof), this will continue.
Just look at the 2017 Equifax breach in the US:
Wikipedia background:
Equifax press release states that CIO and CSO can now enjoy retirement:
Richard Smith, the CEO under whose watch this happened, got to retire at the ripe old age of 57 and got a nice bonus of $90 M
Are you salivating at the mere thought of this, then?
This is a start, but the fact that they come up with this:
Suggests that they are not being serious.
And I doubt the fine will be sufficient for them to re-evaluate their attitudes. What we need is full asset seizure (every last cent, home, car, everything) and to send them to do a decade as junior support personnel at a late stage Alzheimer’s care facility (my dad had Alzheimer, so I am not being callous for the sake of it).
They can also do 20 years in prison with no parole if they are too good for community service.
I’m not sure how that’s indicative of the FTC not being serious? You’re quoting a defense argument, of course they’re going to argue the agency is wrong.
With respect to the US regulatory/judicial actions, I find it difficult to believe that they will be sufficient to nudge the criminals towards genuine self-reflection and a desire to change their behaviour. Similarly, other criminals are likely see enforcement action as more of a “risk to be managed” as opposed to a strong incentive to re-evaluate their approach to criminal schemes.
This is of course not a US only problem, albeit there are countries were consumer rights and business criminality is less socially acceptable.
I didn’t interpret their argument as stating “the agency is wrong”. More like “we weren’t told this was wrong, we were one of the caught … so this claim should be dismissed.”
I would even go as far as saying that this is a sign of disrespect towards judicial processes.
It’s a fairly routine argument by the defense (we’re being singled out/the regulations are unclear). And regarding federal enforcement, there’s a lot of hamstringing by Congress.
All that to say, this is arguably a good sign of the FTC properly enforcing, not a reason for pessimism.
I hope you’re right. :)