undefined | Better HN

0 pointsbuboard6y ago0 comments

There is no definite scale for the fines though, i'm pretty sure negotiating with the hackers will be cheaper 100% of the time. This is interesting from a free market perspective: The undefined cost of the fines would lead to the discovery of the true price of data leaks by negotiating with thieves.

0 comments

2 comments · 2 top-level

IanCal6y ago

> There is no definite scale for the fines though, i'm pretty sure negotiating with the hackers will be cheaper 100% of the time

This will not be true if any paid-off breach is ever discovered as then you'll have paid the hackers and the fine, which will be larger because you've deliberately kept it from the ICO/similar.

tapppi6y ago

What negotiating though? If your huge customer, orders and/or payments database is exploited and dumped and then used for identity/CC fraud, there is no negotiating with hackers. You will be found out eventually due to the proliferation of sold information and data dumps in the black market, which are then analysed by researchers. Then you will be fined possibly twice instead of once or not at all, since you also failed to report the breach.

I fail to think of relevant common situations where negotiating with the hackers would be an option in breaches relating to GDPR.

j / k navigate · click thread line to collapse