[lemon_bottle]

Unpopular opinion but I think whenever these 'hack' incidents happen, there should be a full disclosure and the company should be made to tell us what exactly was hacked right down to the nuts and blots, sql queries and server processes level.

There should be full transparency on this and all the open source eyeballs should be able to study and scrutinize this. If not, anyone will be able to get away with data theft tomorrow saying, "my server got hacked". What will cause them to not do it except some sense of personal ethics which is rapidly degrading these days?

[stingraycharles]

That is not an unpopular opinion, people have been arguing on this forum for proper legislation around these types of security incidents and breaches for years.

[BaculumMeumEst]

That opinion seems like common sense. Why do you think it would be unpopular?

[foepys]

GDPR requires a full disclosure of which data and users are affected and when it happened, which I think is fair for the average user.

[AYBABTME]

But that's like a bridge collapsing and only having to produce a list of who got injured and what their injuries were.

[true_religion]

Bridges tend to be owned by the government which in democratic counties gives an accounting to the public.

Private bridges, have owners who give an accounting to no one when they collapse. At best, if you have standing you can sue them and they will defend themselves by giving an accounting for why it’s not their fault or they did their best.

[pedro2]

Those things need to be supervisioned. FlyTAP has gotten their entire rewards DB (if not all their DB) hacked and if it were not for IHBP I would never know because the company never told me. As far as I know FlyTAP never got a fine for ignoring its obligations.

GDPR is a good idea but there must be supervision for it being applied as defined.