Okay, we know this is USA, Texas, but think what would you personally do, if you were a person caught up in this 28 Million driver license data breach? How would you feel? How would it affect you? How can the local police trust that it is really you?
This just goes back to basic hygiene - lets get rid of passwords?
What is this going to cost to recover from - re-issuing nearly 28 Million driver licenses?
I am in this group, because I lived in TX for a few years! I have change my license a few times since then so hopefully there is not much impact to me. I would really like to see much stronger penalties for companies like this. I still do not see companies taking security as seriously as they should and if they can just wave it off they will not be compelled to do what they should be doing.
As for me, this is probably no the first time a company was been breached and my information has been compromised. There is nothing I can do about that side of times. But what I can do is keep an eye on my credit, don't reuse passwords between site, try to close and delete account I no longer use, and so on...
How do others feel about this?
@JKWiniger Thank you for your comments. What a horrible situation. Normally it is a case of the Bank ringing me directly and informing of some malicious activity on the Credit Card, and advising that they block it and re-issue a new one with a number of days. But having to go through this several times, must be absolutely galling to the many people who have been affected.
But the silly thing is this just keeps coming at us - recently another AWS S3 bucket was compromised - so you have to ask yourself was it the Client or AWS misconfiguration - the balance would be the Client in this case.
Come on roll up, and lets be have a honest, Charter house rules discussion.
@Caute_cautim I think there was only one time I had an issue from a data breach. From my best guess it was when a Linkedin breach caused some of there info to land on the dark web and someone grabbed it and began sending email threats claiming they had my info and had gotten into my computer. The grammar was very bad and it was easy to spot it as generic. This was what got me to move to a password manager and stop and password reuse I had been doing. Now if there is a breach and someone find a password from the dark web I hope they will be smart enough to see it was generated by a password manager and just not bother wasting their time.
With AWS buckets, I think most of the time it comes does to misconfiguration on the client side. I have seen such bad examples of this, such as a key being store right in the code on a website! To me anyone who would do this should not be allowed to work in IT! I believe someone said one of my better qualities is that when I don't know something I say so right off and then I say, but I will find out! To me there is nothing wrong with not knowing something, like how to securely access a bucket from an app, but when you claim you do when you don't it waste a lot of time and normally cause problems.
Just my .02