by r_lee 100 days ago
I think we're already in the "cost-of-business" stage.

the industry standard seems to be:

- release "oopsie" statement

- engage "cybersecurity firm" to investigate

- give out free credit monitoring for a year (fucking worthless)

and so far it seems to be working just fine

2 comments

Yup I don’t see any huge downsides here for these companies, and not much incentive to change. The more it happens the more they can point to each other and say “see, it’s not just us”

I don't think I would favor executions or anything.

But forcible dilution (partial or total seizure) of the corporation? A mandatory insurance coverage? Absolutely.

We already have statutory HIPAA violation penalties, and I am extremely in favor of assessing them in a breach. The question is whether they are sufficient.