this post was submitted on 27 Dec 2024
40 points (97.6% liked)

Pulse of Truth

589 readers
49 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 1 year ago
MODERATORS
 

Volkswagen has inadvertently exposed the personal information of 800,000 electric vehicle owners, including their location data and contact details. The breach, which occurred due to a misconfiguration in the systems of Cariad, VW’s software subsidiary, left sensitive data stored on Amazon Cloud publicly accessible for months. The exposed information included precise GPS data, which allowed […] The post Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked appeared first on Cyber Security News.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 18 points 1 week ago (1 children)

It needs to be illegal to collect that data in the first place. Without a law that affects all manufacturers, the ones that don't do it will be at a disadvantage. The free market can't fix this because it is a variation of the tragedy of the commons.

[–] [email protected] 8 points 1 week ago (1 children)

I would prefer there to be a law that severely punishes any company that has a data breach. Back in the early 2000s when the RIAA started suing people for sharing music online the courts in one case finally landed on a value of $9,250 per song shared as a reasonable fine. I think that might be a good number to start with when a company shares (purposefully or not) someone's data without that person's permission.

That would put Volkswagen's fine at $7.4 Billion, which I think should help convince companies that they should really only collect and store data that they absolutely need... and to make securing that data a top priority.

[–] [email protected] 7 points 1 week ago

Take it one step further though. The fine shouldn't be calculated per customer, but per piece of data. So name, phone number, and address would be 3 pieces, and every GPS data point is another piece.