• cebert 15 hours ago |
    It sounds like in this case, Comcast provided data to a 3rd party so they could try to collect on past due accounts. I’m surprised it isn’t more common to keep your data in-house and provide programmatic access to data on an as-needed basis combined with auditing and access controls.

    You can make 3rd parties sign all kinds of agreements, but even if they are held responsible, it diminishes your brand too. An entity as large as Comcast could afford to make an API instead of providing direct access to raw data.

    • Larrikin 15 hours ago |
      Is there any evidence that Comcast cares or needs to care about their reputation?
      • esafak 15 hours ago |
        "We don't care. We don't have to!" https://vimeo.com/355556831
      • bastard_op 14 hours ago |
        I'm more curious at what point Comcast is responsible for handing your PII to that shitty little debt collector organization that let your information leak onto the internet because they really have no concept of IT security.

        Not like you as a delinquent customer willingly shared your information with that shitty debt collector organization that leaked it, so who's really responsible?

    • AlotOfReading 15 hours ago |
      In my experience, it's not that organizations are unable to fix the collections sides of their orgs, it's that they don't care to on an organizational level. It's a lot easier to share a spreadsheet over email regardless of the consequences than to go outside your lane and advocate for spending resources to do something better. You aren't going to win any credit, debt collectors are going to complain, and the only people who might benefit are easily disregarded as leeches because the system thinks their account is delinquent.
  • bastard_op 14 hours ago |
    You have the dregs of society (debt collectors) winning business contracts and getting customer PII handed to them, who turn around and harass the dregs of society (delinquent ISP customers), and eventually the dregs get hacked (pick one).

    I'm sure the bottom feeders of the debt collection world don't exactly employ best practice security and data storage, color me shocked. Hope their E&O insurance is paid up at least.

  • changing1999 13 hours ago |
    This is going to continue until legislation is introduced to fine companies for each customer data point exposed. E.g., a single data point = $100. Email, name, address - that's $300 per customer.

    Some recent hack exposed my name, address, email, and phone number. Now I regularly get emails that are just all these details and an attachment.

    • Ylpertnodi 7 hours ago |
      Open the attachments...we're all dying to know.