top | item 40545652

(no title)

I see both sides of this, but I think I would side with the original comment. It's not just blind outrage or something like that. The point is that there ought to be impact on Ticketmaster business. The messed up and there should be a cost to the company. They should be paying big fines or compensating their users. It should be entirely possible for a company to go bankrupt in such a situation which would incentivise better internal practices.

discuss

vlovich123|1 year ago

So this is an interesting case because by all accounts it was Snowflake that got compromised, not Ticketmaster themselves. So this isn’t them messing up but their vendor. I get the argument that you are responsible for your vendors, but at the same time the whole point of buying a SaaS product is precisely to hire domain experts to run a piece of infrastructure that you have less experience with. Security is very hard even for major companies with a stronger culture of it who spend much more resources on it like Apple and Google. It’s not clear that if Ticketmaster would have done a better job.

I think the view I’m most sympathetic too is that customer information should be viewed and reported on as a toxic asset/liability to discourage gathering of personal information in the first place.