[imgabe]

> Did you have a nasty break-up? Fire someone? Do you have a business rival who would like to see your reputation ruined?

If you were dating someone, worked at the same company, or even in the same industry and know the same people, they do not need a data leak from Marriott to get your address. That has nothing to do with data leaks.

Maybe, maybe, you could conceivably piss off some Mr. Robot Darknet-wizard on a forum who would then spend hours combing through leaked data to try to figure out who you are so they could mail you some anthrax, but I'm going to put that at "get hit by an asteroid" level of things to worry about.

As far as "take the risk seriously", what is there for an individual to do? I have zero control over the data security practices of Equifax, Marriott, or any other major corporation. I can just avoid their services, but that would basically entail living completely off the grid and being a hermit. If it were something as simple as locking a door, or putting your backpack in the trunk, yeah, people would do it. But all of this "the sky is falling, freak out now!" propaganda, comes with absolutely zero actionable items that the average person can do. I'm not going to waste my life being worried about things I have no control over.

[quanticle]

Maybe, maybe, you could conceivably piss off some Mr. Robot Darknet-wizard on a forum who would then spend hours combing through leaked data to try to figure out who you are so they could mail you some anthrax, but I'm going to put that at "get hit by an asteroid" level of things to worry about.

The entire point of that article I linked was that the person doesn't have to be anywhere near you to cause you real damage. The woman who posted the false allegations to the homebreaker site was thousands of miles away. Heck, if you look at instances of "swatting" [1], it's entirely possible to people in mortal danger from thousands of miles away with little more than a phone. Are the people who are doing the swatting "Mr. Robot darknet wizards"? No, they're bored viewers of Twitch streams who think getting someone potentially shot is a barrel of laughs.

I'm not going to waste my life being worried about things I have no control over.

And this is why data-breaches will remain depressingly normal for the foreseeable future. Companies know that there are zero consequences, specifically because of this attitude. If data breaches were treated like chemical spills, companies would be much more proactive and careful about what data they collected, who they shared that data with, and how they secured that data. But companies know that consumers don't care, because "It's only data," and as a result they will continue to underfund data security and make us eat the externalities in the form of having to spend time and money getting transactions reversed.

[1]: https://mashable.com/2017/12/29/swatting-death-andrew-finch/...

[imgabe]

The article doesn't say how the swatter got the victim's address. Where they somehow able to cross-reference the streamer's twitch ID with their credit report in the leaked Equifax data? If not, I'm not sure what one has to do with the other.

> If data breaches were treated like chemical spills, companies would be much more proactive and careful about what data they collected, who they shared that data with, and how they secured that data.

Actually, on a personal level, I am treating data breaches exactly the same as chemical spills. I personally have about as much influence on one as the other, which is to say, none. If a law comes along, I'll support politicians who vote for it, but that's about it. Again, what precise, actionable steps are you proposing for the average person to do? I'm looking for something besides "be scared and angry all the time" because that is as unpleasant as it is ineffective.