Yes. The 2018-9 breach and cyberextortion involving Finland's mental-health startup Vastaamo.
- CEO Ville Tapio was convicted criminally under the GDPR.
- The company failed in 2021.
- Finland's NBI tightened criminal code on privacy violations of data subjects, either intentionally or through gross negligence, if they cause damage or significant inconvenience to the data subject.
But now that it has happened once, will they ever do it again? A lot of innocent people lost their jobs because of not fault of their own. I'm putting this in the context of the NCAA punishment given to SMU frequently referred to as the death penalty. The NCAA has since said they would not do that again as there was a lot of unanticipated collateral damage from that punishment decision
This article is from a couple weeks ago, the same day ADT submitted "Other Information" to the SEC about unauthorized access:
https://www.sec.gov/Archives/edgar/data/1703056/000170305626...
Again sigh
2024 Home security giant ADT says it was hacked (34 points, 14 comments) https://news.ycombinator.com/item?id=41193157
2021 Home Security Tech Hacked into Cameras to Watch People Undressing and Having Sex (32 points, 6 comments) https://news.ycombinator.com/item?id=25876366
2015 How to Hack an ADT Alarm System (78 points, 68 comments) https://news.ycombinator.com/item?id=8947172
It’s an overstatement to call the 2021 incident a “hack”.
If we want to use the word hack as a general term to describe the exploitation of notoriously weak security, then it's appropriate...
There’s no real consequence for security breaches. No fine. No reimbursement to the victims. No jail time for the CEO and board.
Are there real consequences in any country?
Yes. The 2018-9 breach and cyberextortion involving Finland's mental-health startup Vastaamo.
- CEO Ville Tapio was convicted criminally under the GDPR.
- The company failed in 2021.
- Finland's NBI tightened criminal code on privacy violations of data subjects, either intentionally or through gross negligence, if they cause damage or significant inconvenience to the data subject.
https://news.ycombinator.com/item?id=40210873
But now that it has happened once, will they ever do it again? A lot of innocent people lost their jobs because of not fault of their own. I'm putting this in the context of the NCAA punishment given to SMU frequently referred to as the death penalty. The NCAA has since said they would not do that again as there was a lot of unanticipated collateral damage from that punishment decision