by guitarbill 3536 days ago
I'm going to call BS. At least in the UK, banks screw up all the time and never get more than a slap on the wrist. The mobile apps put out are hilariously insecure and get hacked. Payment processors go down. [0]

Often, it seems like the only defence saving these idiots is that skiddies don't have a clue about mainframes.

[0] e.g. http://search.theregister.co.uk/?q=rbs

1 comments

Service failure and data breach are two separate matters. If a UK bank were to suffer a major breach, they would be fined heavily by the ICO. Right now limits are at £500k, but with the new General Data Protection Regulation, potential fine levels will increase steeply...
What, like TalkTalk? Or the police for that matter, who routinely lose sensitive information.

I agree: as long as fines are lower than the CEO's salary + bonuses, these "fines" remain laughable. But based on these other cases, it's unlikely that the ICO would or could do anything to severely impact how a bank operates, which makes them toothless.

As for telling the ICO, well, the deputy director of the National Cyber Security Centre (NCSC, part of GCHQ) explicitly said he won't tell the ICO if people report breaches to him... so I wouldn't cross my fingers.