Lately it seems that just about every major business with a database online has suffered a data breach. This is bad news for the health of the Internet, but not something that government is in a position to solve. Yet:
HARTFORD – Concerned about a recent hacking attack that may have affected more than 24 million customers, Attorney General George Jepsen, with support from nine other states, has asked Zappos.com, Inc. about its efforts to protect private customer information and its response to the breach.
The Attorney General wrote to the chief executive officer of the on-line retailer’s Nevada headquarters Friday seeking information about how the breach occurred, how affected customers were identified and notified and any corrective plans developed in response.
“This incident raises serious concerns about the possibility of fraud and targeted e-mail ‘phishing’ or other scams, as well as questions about the effectiveness of the company’s measures to protect the confidentiality and security of private information that it receives from consumers,” Attorney General Jepsen wrote.
Published reports said the hacking affected parts of the company’s internal network and systems, compromising a wide array of personal customer information, including names, billing and shipping addresses, e-mail addresses, phone numbers and encrypted passwords.
Jepsen wrote on behalf of Connecticut and Attorneys General in nine other states: Florida, Kentucky, Massachusetts, New York, North Carolina and Pennsylvania among them. Two states have laws prohibiting disclosure of investigations.
It's too bad that government is still filled with the tech clueless, because asking what a company does after the fact, does nothing. The important question is what they are doing to protect data, which would put them in the arcane world of hashed passwords, usernames, and seperation of login and transaction data, just to start.
Government doesn't understand tech, a problem when they introduce legislation, but a bigger problem in that they don't even begin to understand how to protect people.
Zappos.com is a great company and invests deeply in its customer experience and data infrastructure. The line of questions listed above just shows how out of touch Jepsen's department of lawyers is.