Hacked Company: Notifying Customers Of Breach Is A "Burden"

Network Solutions, an e-commerce company, just experienced a data breach that resulted in them compromising 573,000 credit and debit card accounts. The company has begun to notify merchants of the breach so they can tell their customers, but gosh, it’s just so hard.

Network Solutions’ spokesman says, “We feel terribly about it, to burden them with the notification process, which can be kind of tricky because there is no one federal data breach statute.” Other things that are a burden: having a company let hackers access your bank account because their web security failed.

As US PIRG, which directed our attention to this story, points out, it’s pretty easy to instruct the merchants on the varying state laws: “Tell them to comply with the strongest state law and they will be in compliance with all of them.”

US PIRG also notes, “With a debit card, fraud occurs against your own checking account and the law supposedly protecting you — the Electronic Fund Transfer Act is weak. Plus, it’s your own money you’re missing until when and if the bank refunds it. Fraud against a credit card, on the other hand, is covered by the stronger Truth In Lending Act and the bank has a greater incentive to work hard to stop it. All plastic should be protected the same way credit cards are. If we get a new consumer agency, that could be one of its first efforts.”

Network Solutions Says Hackers Accessed 573,000 Card Accounts [WaPo, via US PIRG Consumer Blog]