Daniel Ruth, who does snark even better than I, has a great column about Equifax at the Tampa Bay Times: http://www.tampabay.com/opinion/colu...shrugs/2338161

Back to my original point: Equifax, like many big players in the Enterprise, did not give adequate attention to security. In the eyes of management, security is a cost, and costs must be minimized.

I'm not saying that's right and I'm certainly not saying it's moral, but that is how management thinks.

You said it. This is way too big to just sweep under the rug.

I heard on Colbert's show (we record it and listen to the interesting parts tomorrow, so it was Thursday night's show) that a person set up a copycat site with an altered name (instead of "equifaxsecurity*.*," it was "securityequifax*.*," then Equifax linked to the copycat site in a post on their website.

Equifax seems to have a very low competence score.

Low, more like non-existence. You would think after all that has happened they would at least vet any site they link to.

In all professions, we have the ability to hold anyone accountable, by requiring them to obtain a license to practice and by then holding over them the fact that they can lose that license.

Today, in software, any "pantser" who can spell <<PHP>> can work in the industry, most-especially if he is cheap. And, in the world of the "happy little cloud," a data-center can be located in any country where labor and electrical power are cheap, and on that data-center we put "the keys to our kingdom" even though our own nation's laws don't apply there.

It's as though every lesson we had learned had been un-learned when the computer became widespread about 20 years ago. But, as the losses grow toward the trillion-dollar mark, and the number of plaintiffs grows into the hundreds of millions, mark my words, this is about to change, for good.