Consumers are so numb to data breaches that these events now bring very little outrage. I think without that anger from the consumer, there's little incentive for companies to do more to stop data breaches from happening.
Well it's starting to feel like data privacy just doesn't exist anymore. I don't know why administrators for big customer databases even bother setting passwords these days.
My mother was concerned that some of her information, and mine, leaked because she signed up for another bank account from a place she decided she didn't trust. She said she wasn't worried about the money being stolen, but she was worried about our identities being stolen.
My concern was the complete opposite - I assume that my social security number and address are already for sale for a fraction of a cent somewhere, bundled with 10,000 other identities. But if money gets stolen, that's a whole rigamarole, with banks wringing their hands and saying "identity theft" as if that clears them from any responsibility.
Bank: "No, you see it was your identity that they stole!"
Customer: "Well I don't know because I seem to have my identity whereas you seem to have lost several thousands of dollars. I'm not clear why you think it's my identity that was stolen rather than your money."
As a nobody, I keep wanting a financial product that is a black hole. Money can go in, but cannot come out without significant pain. Seven+ day waiting period, in person visit, physical mail verification, something, anything that means if I do get hacked my accounts are not drained in milliseconds.
When I need a legitimate large withdrawal, I can go through the required effort.
You can have a financial manager control your accounts for you and just keep a small checking account, (plus they'll help you grow your balances) but they're not free. Well, they're not free if you want them to be unbiased. Given, what's going to keep them from getting scammed? Maybe what you're looking for is several safe deposit boxes.
I still want my money invested into the economy. I just want Chase/Fidelity/etc to have an understanding that I am never going to withdraw money from these accounts without planning for it. So, “I” should never be authorized to drain the account at a moment's notice without extensive approval. Anything to cause friction for would-be scammers and only once-a-year (?) pain from me to triply confirm the money can move.
I don't have direct access to my long-term savings and retirement accounts. I have to go through my financial manager who works in a small, local firm, and so would anyone trying to impersonate me. He would probably recognize my voice, knows where I live and what's going on in my life, to whom I'm married, etc. because we have bi-annual check in meetings. He'd definitely contact me through his existing contact info if there was anything weird going on with one of my requests, especially if it involved a different address or account than he's used to dealing with. As anyone in that compliance-and-accuracy-focused line of work should be, he's very intent on making sure all of the Ts are crossed and Is are dotted. He charges a flat percentage of my modest retirement savings annually (I'm far behind most white collar workers my age, coming from a working class early adulthood) so he has a financial interest in my investments, and does a really solid job managing them. The accounts are in a large investment-focused bank which I believe only he can access. I think it's about as safe as you could get while still keeping your money active in the economy and not having a rich person's resources.
That sounds like the opposite of what OP wants, because that money can very easily come out, without any pain, and without you even being notified that it's been moved - unless you're re-implementing your own bank-level security, I guess.
For example, let's say you have $100k in savings. I think you would be absolutely bonkers to store that in some secret part of your (flammable! break-in-able!) house.
I guess you could put it in a safety deposit box, and if you needed to spend it in a non-cash way, you could walk it directly to the teller and deposit it and make it available? The equivalent of a cold wallet, I suppose.
Really? I've been using cash almost exclusively for the past several months and haven't had any real problems. Sure, the overpriced hipster vegan Thai place in the McMall district may not take cash, but the family-owned ramen restaurant a couple miles down the road is more than happy to do so. Personally I find the "won't take cash" attribute to be a strong indicator that the business isn't worth supporting.
I've encountered nearly no businesses that don't accept cash and I pay with cash all the time. The lower-income end of the working class makes up a huge percentage of our economy, and it's an extremely cash-centric demographic. But even then, I've got a friend who sells fine handmade jewelry and some folks came in and bought like a 30k piece from her in cash because they owned a cash-only business. I can't imagine anyone existing outside of an ultra-gentrified corporate enclave that would encounter nearly any businesses that don't accept cash, let alone most. Maybe they just never see anyone use cash because they're not in a socioeconomic segment where it's still the standard?
If you have at least a fraud watch on your credit which means creditors are supposed to call you on the number they have listed before they open new accounts, then the money is arguably worth protecting more. But if you think it's tough to convince the bank with which you have an existing relationship that you didn't make some withdrawals, imagine trying to convince a bank you've never heard of that you didn't actually approve a loan for 3 Cadillac Escalade Platinums which neither you nor the bank realize are currently in a shipping container on their way to Abu Dhabi.
(Nothing against Abu Dhabi. I just picked a random place not under US jurisdiction where plenty of people have Escalade Platinum money.)
After the Equifax debacle, I don’t think anyone cares. It’ll only be a big deal if there’s a huge B2B leak and business-critical data gets exposed, other than the usual name, address and phone number.
I'm still upset the government hasn't started work on a new national ID program after the Equifax breach. The SSN is not a suitable ID number in this day and age. We need something better that can withstand these kinds of things without screwing people for life. My credit will be frozen for the rest of my life, and everyone else should do the same.
This is it for me tbh. Yeah I don't want my identity stolen and I'm still careful but after Equifax I just assume everyone already has my data so all of these data breaches are meaningless to me at this point. It sucks and it makes me mad but all I can do is shake my fist and wish these companies would be better anyway, so what else can I do but just be ok with it?
I think many companies think they can solve this issue by throwing money at their cyber security teams. It just happens that cyber security teams are often ineffective.
It's hard for a CyberSecurity team to be effective when the Execs keep failing the phishing tests and IT does not have the authority to fire them for it.
I've seen this so many times. I've seen instances where the execs/managers demanded it was turned off for them, and it was. 75% of the security I've seen at companies is pure theater so they can check the boxes for their insurance.
Good security researchers easily command a $500,000 compensation package per year (cost to companies higher due to benefits like health insurance). When you show the market comp of good cyber security researchers to execs, suddenly they decide that they only have the budget to hire incompetent people.
Good cyber security people are expensive because they are highly skilled: they typically need to have been a software engineer to understand software architectures and have intuition about them, have spent significant time sharpening their skills at hacking by participating in CTFs, and have probably also spent significant time doing reverse engineering and have a few CVEs attributed to them. (Why are these skills needed? Because they are the skills needed by the red team. Every company that takes cyber security seriously will have a red team.) Now tell me whether these people are worth $500,000 per year.
Maybe this is how it is at some places, but in my experience, it is not the case. I have friends who have worked in cyber-security for Fortune 500 companies and almost all of those companies would short-change (or outright ignore) the recommended spend and suggestions of their cyber-security employees, contractors, and advisors.
Where are you getting your information from? The levels of security negligence I hear about aren't even a big ask. Huge companies neglect to do basic things like "don't store your passwords in plain text" or "make sure you salt and hash your passwords".
I don't think it's fair to say cyber security teams are failing if companies are blatantly doing the worst and most obviously wrong things on the daily at the highest levels.