A hacker break in at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities.
OK, call me cynical, but as someone who has had on average 2 ID thefts per year, I welcome that our overlords have maybe finally had theirs stolen, too.
It’s understandable why the company would decline to comment: Inside the plain text archive apparently stolen from the firm are more than 850,000 credit card numbers, expiry dates and associated names and addresses. More than one-quarter (241,000) of all compromised card numbers were high- or no-limit American Express accounts, card numbers that have very high resale value in the cybercrime underground.
Unencrypted, plain text file? Sweet Baby Jeebus, these clowns were not even remotely trying to protect their customers’ info.
Here’s the thing: we’ve all grown used to this happening, just another inconvenience of modern life. But in reality, companies who hold your data have no penalty for losing it. Sure, they send you a note and apologize for the inconvenience, but you cannot bring suit against them: they got that written into law.
So much for the invisible hand of the market.
Any two-bit tabloid would have an absolute field day with this database. Simple text searches for certain words (“sex,” “puke,” “arrest,” “police,” “smoking pot”) reveal dozens of records detailing misbehavior and all kinds of naughtiness by executives, celebrities and people you might otherwise expect to behave civilly.
I wonder if now that their own info is compromised if something might give? Let’s hope so.
(Hat tip: Krebs On Security via Scissorhead Charm School Drop Out)