A massive global data leak linked to IDMerit has exposed 1 billion personal records, including national IDs and emails, across the US, Europe, and Asia.
This one is a mixed bag. KYC regulations are very useful in detecting and prosecuting money laundering and crimes like human trafficking. But ya, if this data needs to be kept, the regulations around secure storage need to be just as tight. This sort of thing should be required to be kept to cybersecurity standards like CMMC Level 3, audited by outside auditors and violations treated as company and executive disqualifying events (you ran a company so poorly you failed to secure data, you’re not allowed to run such a company for the next 10 years). The sort of negligence of leaving a database exposed to the web should already result in business crippling fines (think GDPR style fines listed in percentages of global annual revenue). A database which is exposed to the web and has default credentials or no access control at all should result in c-level exec seeing the inside of a jail cell. There is zero excuse for that happening in a company tasked with protecting data. And I refuse to believe it’s the result of whatever scape-goat techs they try to pin this on. This sort of failure always comes from the top. It’s caused by executives who want everything done fast and cheap and don’t care about it being done right.
I’m uninformed about this, but do KYC laws come into effect at some profit point or are they globally enforced. I don’t see how any small businesses could possibly afford a 3rd party audit, or how that would even scale. I agree it’s necessary, but logistically it seems problematic.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
This one is a mixed bag. KYC regulations are very useful in detecting and prosecuting money laundering and crimes like human trafficking. But ya, if this data needs to be kept, the regulations around secure storage need to be just as tight. This sort of thing should be required to be kept to cybersecurity standards like CMMC Level 3, audited by outside auditors and violations treated as company and executive disqualifying events (you ran a company so poorly you failed to secure data, you’re not allowed to run such a company for the next 10 years). The sort of negligence of leaving a database exposed to the web should already result in business crippling fines (think GDPR style fines listed in percentages of global annual revenue). A database which is exposed to the web and has default credentials or no access control at all should result in c-level exec seeing the inside of a jail cell. There is zero excuse for that happening in a company tasked with protecting data. And I refuse to believe it’s the result of whatever scape-goat techs they try to pin this on. This sort of failure always comes from the top. It’s caused by executives who want everything done fast and cheap and don’t care about it being done right.
I’m uninformed about this, but do KYC laws come into effect at some profit point or are they globally enforced. I don’t see how any small businesses could possibly afford a 3rd party audit, or how that would even scale. I agree it’s necessary, but logistically it seems problematic.