[hourislate]

I would imagine that Equifax was able to prove that they at least met the prudent man rule.

The prudent man rule which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation. This rule, developed in the realm of fiscal responsibility, now applies to information security as well.

The intent was to patch the system but they experienced some sort of issue that prevented the timely action. From what I understand, you only have to show the courts that we tried to do the right thing and had the right intention.

Plus they aren't involved in any election scandals which certainly helps....

The one positive thing that came out of all this is that you can lock down your credit for free and open it again for free when you need to . Basically no one could ever open an account or credit card in your name if the offering party tries to run a credit report.

[pmiller2]

Assuming I buy your argument, to me, it just implies that the prudent man rule is inadequate here. Intent doesn't secure my data. As far as I'm concerned, they can intend in one hand and shit in the other and see which one fills up first. When the consequences of failure are the compromise of the financial lives of virtually every American adult, you need to be more than prudent about it.

[ineedasername]

Yes, intent minus execution equals some level of incompetence. Which (I guess?) is better than never having the intent to begin with, but it's sort of a distinction without a difference. "I wanted to fix my brakes but the brake shop was closed, that's why I got into a car crash" isn't really an endearing argument to the other parties involved or the regulators (Police in this case) that deal with the fallout.

[ineedasername]

Plus they aren't involved in any election scandals which certainly helps....

Yes, plus their perceived censoring of right-leaning content (real or imagined).

But between the election stuff and their attempt to setup a currency whose monetary policy would be governed by a group of wealthy corps and partly based in another country regulated by a foreign body... these are things that touch on the sovereignty of the US, and no government wants internal competition on that front.