Remember the multiple times tech companies have been fined for failing to "protect privacy"?
Do you remember any agency having any kind of trouble after leaking private data? It's always the hackers that are to blame when there's a data leak in a government agency.
But when there's a hack at a company? The blame seems to go 100% on the company.
> Remember the multiple times tech companies have been fined for failing to "protect privacy"?
I can recall one or two exceptional cases, and the fines were relatively small, amounting to a slap on the wrist.
For example, for the 2017 Equifax breach, after 2 years, the total cost of the settlement included $300 million to a fund for victim compensation, $175 million to the states and territories in the agreement, and $100 million to the CFPB in fines. In the UK, the Financial Conduct Authority imposed a financial penalty of £11,164,400.[1]
Equifax's revenue in 2017 was $3.362B.
In 2019, after Equifax agreed to the above settlement, revenue was up to $3.508B. Equifax revenue for the twelve months ending September 30, 2024 was $5.588B, an 8.79% increase year-over-year.[2]
Are you reading the same news the rest of us are? Companies are basically never found liable for a "hack" into their systems. And when the companies share user data intentionally, at worst they get a fine so low as to be meaningless. And in the US, usually not even that, because selling user data is mostly legal.
What usually happens in cases of government agencies getting hacked (in my non-US experience) is that an inspector investigates what went wrong, proposes improvements to security systems and processes, then monitors the agency to make sure they carry them out.