(from the Merc)
So, this is depressing. Worse, it’s wildly misreported in lots of places. Most accounts somehow blame the computer security practices at Wells Fargo, and either downplay or completely omit the fact that this was a burglary! Literally, someone broke a window and grabbed a bunch of stuff, coincidentally including a laptop computer. They probably had no idea it had customer SSNs and bank account numbers on it.
The real story is the subcontractor in India who recently tried to blackmail UCSF. She had sensitive patient files, and threatened to publish them unless she got paid what she felt she deserved. When sensitive, personally identifying information gets copied down long chains of people and companies, each link is one more opportunity to for negligence. Laws are harder to enforce, and rules inside any one company don’t apply.
It’s all well and good to debate this stuff, but when your SSN, credit card number, and birth certificate get plastered on a web site, you don’t want debate. You want it stopped.