Big fines for big breaches: The only way to stop shoddy security
I've posted on this topic in the past, but I can't say it enough: Retailers that lose customer information to crackers should be penalized massively. There is no other way to stem the tide.
Neiman Marcus is the latest in a long line of companies that lost control of credit and debit card data for its customers. Target's massive breach affected as many as 70 million customers; TJ Maxx lost tens of millions of customer credit cards back in 2005; Heartland Payment Systems, a credit card processor, lost 130 million records in 2009. In every case, the retailers express their sorrow and sympathy, and they promise to not let it happen again. But it will happen again.
Inexplicable as it may be, it's almost like a game to these companies. I can't think of another reason why they would play fast and loose with this information in the first place.