by jordonwii 3110 days ago
The linked article is not very good imo. It goes into almost no detail, despite including two directly contradictory statements: "Yet another cloud storage misconfiguration has exposed personally identifiable information (PII)" and "the data in question contained no names of any individuals or any other personal identifying information".

Can we change this to link to the Forbes article referenced in the linked one? It goes into substantially more detail, including reconciling the researcher's claim with Experian's. https://www.forbes.com/sites/thomasbrewster/2017/12/19/120m-...

edit: didn't even notice the substantially more click-baity headline "Every single American household" vs. "120 million American households".


The Forbes article also points out that the DB is now secured. I have 2 take-aways:

1. This isn't an announcement that our details have been leaked, so much as a reminder that our details are now and will perpetually be leaked, in one form or another by an externalized party.

2. Databases mapping all American households exist.

I worked at Experian and had access to ConsumerView by way of any number of crazy integration schemes that were/are perpetually making a mockery of security protocols in order to meet deadlines and please clients. Pretty much anyone with network access could download a copy and walk out with it.
| 2. Databases mapping all American households exist.

And they can be pretty comprehensive. Short anecdote, but the last time I moved, and before I had updated any address information on my accounts/ID, the first piece of non-forwarded mail I received addressed to me was a credit card offer from AMEX. I still have absolutely no clue how they knew where exactly to send it to me.

I'm assuming a lot here, but there is always the chance that your door-to-door postman or postwoman went to deliver a generic piece of mail to your old address only to find out you no longer lived there. I'm fairly sure there is a mechanism in place where a postman or post office can set a recipient as "moved" or "moving" to let the entire postal system know that, until that recipient's new address is figured out, no mail should be going to the old address.

That said, the cynic in me won't allow the positive optimist within me to win this one. While I do believe there to be many wonderful postal workers, I am going to assume that corporate greed is winning out over the kindness and caring of the human heart in this specific situation :(

There is that mechanism, but you have to trigger it yourself via the USPS website or by going to the local post office.

Indeed, databases mapping all American households have existed, and been sold and re-sold, for decades.

Compared to Equifax, this is nothing. Why? Because this data can't be used for identity theft, and it's been widely available in downloadable, fully portable form for 2 decades.

FYI, 120 million American households is only a few percent off from being all American households. That part at least is fair.

Huh, apparently there are about 125 million households in the US. I didn't realize it was that close.

I am very curious to learn what steps those 5 million households had to take to keep themselves off that list.

Probably living in extreme poverty is sufficient.

Not having a permanent mailing address, utility bills, or a bank account would do it.

The Forbes article is good. The original linked article is so poorly written, I thought it was a sham.

The Forbes article says that the US is one of the few countries that does not have laws requiring the protection of such information. But let me ask: what would a new law change about this particular incident?

Unless the law specifically requires that someone go to jail, then the law will make no difference. The owner of the data didn't mean to expose it all. It just happened.

We already know that when companies flout the laws, no person goes to jail. The company pays a fine and everyone continues doing what they were doing. The punishment is irrelevant. With this kind of repercussion, laws are ineffective.

Set a value on the info, a statutory value, and suddenly a breach can bankrupt you, you seek insurance, and the insurers want due diligence on your infosec.

Thanks for the link, this is the one for grown-ups.