Sunday, January 3, 2010

Rockyou sue

I told you about the RockYou data breach a couple of weeks ago. They kept over 30,000,000 passwords (and usernames plus personally identifiable information) on their servers in plain text files. CIO.com reports that a class action suit has been filed in California for a number of failures by RockYou to protect user data and failure to report as required by California law when data was compromised.

I suppose it's not too surprising that the RockYou data breach is ranked as one of the top 5 (or should that be bottom5?) data breaches of 2009 by PCWorld, but the sad thing is that in today's day and age they should have been the worst. PCWorld didn't actually rank the top 5, just picked the worst 5 and listing them. But several qualify as worse, either for the number of people affected or the length of time it took to report the breach. One company took six months to notify anyone of a data breach. As long as companjies try to stall like that, notification laws will be needed.