Hacker News
by hnbad 880 days ago
Well, depending on what kind of data was stored in the database he accessed, this may constitute a data breach according to privacy law, in which case the vendor also needed to assess whether the incident needs to be reported to its data subjects (i.e. all customers in the same database). Those could then possibly sue for damages.

Of course, if that's the case, the vendor would have to be found to be in violation of privacy laws by not using state-of-the-art protections (e.g. not shipping plaintext passwords, not using the same database/credentials for data from different customers) and might be fined for that separately.