I have a real problem with the pretense posed by the article that the club has no blame. They should have understood the risk they were taking on by subcontracting a vendor to collect passports, and better vetted that vendor. Obviously the service provider was completely inept, but that doesn't absolve the fools using them.
I preach to my clients this sort of PII should be treated as a toxic, hazardous substance. Ideally don't touch it with a 10 foot pole, and if you can't help it then limit the scope, protect it with strong access policies that severely limit who can touch it (including encryption keys conservatively custodied), and securely delete it all as soon as possible.
Too many companies these days point you to shoddy third parties for some kind of functionality (e.g. book an appointment, perform KYC on you, host the online learning platform for your course, etc.), inappropriately foisting both a new business relationship on you that you never asked for along with their partner's terms of service that you have no bargaining power in negotiating.
This is a side-effect of the SaaS era, and the model is broken.
jwr 9 days ago | parent | next [–]
If these kinds of breaches were actually costly, then people would indeed treat PII as toxic. But they aren't. The media brouhaha blows over within a week or so, and things are fine again.
Leaking PII should be very, very expensive, and then this idiocy would stop.
threaded - newest
Get ready for many more leaks, as governments require identity and age verification everywhere online.
Many organisations, which cannot be trusted with this data, are going to be processing it.
first off - how is cambridge analytica still a thing in 2026?
That’s exactly what I was thinking
They even mention the Cambridge analytica scandal for some reason
Probably AI written and they didn’t put “Don’t make us look like idiots” in the prompt.
It seems someone re-registered the expired domain and turned it into whatever it is today.
whois.domaintools.com/cambridgeanalytica.org
Wiki says they’re defunct, so some party must have bought their website or something.
“Oops, welp, better get a new one with a stupid scowling Trump on it!”
– Idiot Administration probably
Has the link gone down? I get error when trying to access
yeah here’s an archive archive.ph/a6Tmo
The comments on combinator: