4 hours ago, Maxis said:

You want to take a look at how many data breaches occur in a hospital or your regular doctors office with medical records ?  Lets not overblow the issue here. Get your credit card reissued and use the tools provided to protect yourself data breaches are a fact of life. Also your identity is public record and anyone with the appropriate knowledge or licensure can look you up if you transact business with your local and state government in the US (ESPECIALLY if you own something) .

As I said before and I say it again, EU data laws are super strict, GPDR itself is super strict. And as other mentioned, personal data in the EU is a red line can't be crossed. 

2 hours ago, honanhal said:

As several people upthread have noted, personal data is very much NOT considered a public record in the EU under the GDPR. I think you're overstating the case as far as data breaches are treated even in the US (companies and institutions definitely still have a duty of care not to expose personal details and may also be bound by specific regulations depending on the industry), but the EU is a whole other matter. They don't mess around with stuff like this...

Whatever amount of quick cash this pre-sale may bring TFDi, this has turned into quite a PR nightmare for them all around. What a mess.

James

I don't live in EU so if it's that difficult to call your bank and put a freeze on your cc or bank card or dispute a fraudulent charge after a merchant comes to you cap in hand and tells you that your data was unfortunately compromised then I'm glad I don't live there.

And if you think I'm overstating the case here I suggest you take a look at how the HHS handles typical data breaches. It's on their website if you know where to look.

Nevermind here's a link for ya

https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples/all-cases/index.html

Its all about process improvement. Not about beating companies to a pulp with every breach. That's an unworkable solution 

 

What I will agree with you is on the first issue of selling a promise for a product with nothing to show for a few months. That shouldn't have happened in the first place

1 hour ago, Maxis said:

I don't live in EU so if it's that difficult to call your bank and put a freeze on your cc or bank card or dispute a fraudulent charge after a merchant comes to you cap in hand and tells you that your data was unfortunately compromised then I'm glad I don't live there.

And if you think I'm overstating the case here I suggest you take a look at how the HHS handles typical data breaches. It's on their website if you know where to look.

Nevermind here's a link for ya

https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples/all-cases/index.html

Its all about process improvement. Not about beating companies to a pulp with every breach. That's an unworkable solution 

 

What I will agree with you is on the first issue of selling a promise for a product with nothing to show for a few months. That shouldn't have happened in the first place

It's not difficult in the EU to call your bank and put a freeze on your card / bank account. That is not what they were saying in their posts either. 

3 hours ago, Maxis said:

I don't live in EU so if it's that difficult to call your bank and put a freeze on your cc or bank card or dispute a fraudulent charge after a merchant comes to you cap in hand and tells you that your data was unfortunately compromised then I'm glad I don't live there.

…

Its all about process improvement. Not about beating companies to a pulp with every breach. 

When I said the EU doesn’t mess around with this stuff, I didn’t mean “they don’t bother with it,” I meant they take it extraordinarily seriously. “Beating companies to a pulp,” if you will. 🙂 To give you an idea, in certain cases with a serious breach of data the company can be fined 20 million euros, or 4% of their annual global total revenue, whichever is higher.

Anyway, reasonable people can disagree about whether it’s the best approach, but the point is to force companies to take data security/privacy seriously since they might be putting themselves in a world of hurt if they don’t.

The HHS examples you link to are mostly  small-scale inadvertent disclosures affecting single clients. If Aetna, let’s say, failed to take industry-standard precautions and as a result their entire customer roster had their files exposed to the world in a data breach, I’m pretty sure they’d be looking corrective action beyond “we did some training and revised our procedures”! If nothing else, they’d be facing massive lawsuits by the affected people. My point is that companies face significant legal and regulatory risk they can’t ignore for this stuff in the US as well. That’s true even if they don’t get the book thrown at them by the government directly in every case.

James

Flight simmers criticize the invasion of privacy that is PMDG requiring people to use their full names on forum posts but also think that name, address, phone number, emails and credit card credentials leaking on the internet isn't a big deal, happens every day and only lasted for a couple of minutes so it's not that bad.

I don't think people here realize the extent of a data breach like this. It's one thing when infrastructure breaks down because of a large volume of customers at once resulting in pages not loading and activation code issuing being delayed. It's an entirely different matter when you transmit personal data to a company who are legally required to keep it safe by ensuring appropriate measures work reliably but their system breaking down resulting in a public leak of that information.

This is bad enough, but it's "just" people pre-ordering. Imagine the extent if they actually released the MD-11, in which case I would assume a lot more people would have purchased it the second it was out. If their system can't handle pre-orders you can be sure the leak wouldn't just have lasted a few minutes and the system would have broken down completely on a full release resulting in a much bigger leak. It's not only the extent of the leak but also the principle behing it.

Testing your infrastructure to keep people's data safe is the bare minimum a company has to get right, especially one working in software development.

3 hours ago, honanhal said:

When I said the EU doesn’t mess around with this stuff, I didn’t mean “they don’t bother with it,” I meant they take it extraordinarily seriously. “Beating companies to a pulp,” if you will. 🙂 To give you an idea, in certain cases with a serious breach of data the company can be fined 20 million euros, or 4% of their annual global total revenue, whichever is higher.

Anyway, reasonable people can disagree about whether it’s the best approach, but the point is to force companies to take data security/privacy seriously since they might be putting themselves in a world of hurt if they don’t.

The HHS examples you link to are mostly  small-scale inadvertent disclosures affecting single clients. If Aetna, let’s say, failed to take industry-standard precautions and as a result their entire customer roster had their files exposed to the world in a data breach, I’m pretty sure they’d be looking corrective action beyond “we did some training and revised our procedures”! If nothing else, they’d be facing massive lawsuits by the affected people. My point is that companies face significant legal and regulatory risk they can’t ignore for this stuff in the US as well. That’s true even if they don’t get the book thrown at them by the government directly in every case.

James

Interesting you bring up Aetna .. who had not one .. not two but three major hipaa data breaches in 2020 takes In 60 billion annually in revenues and its fine was 1 million dollars total.

Needless to say there were more data breaches after that.

You need more elements involved before companies get really punished. Data is never 100% secure. Too many factors at play here. Now some may think that this is a rare occurrence. It is not and the point is  unless there are malicious intentions involved or reckless neglect what is going to happen in most cases as I pointed out is remedial action. Not punitive.

Your best security is personally knowing what to do when it happens.

I think this topic is now done to death. Some can say ok it happens let me take action to personally protect myself...

And some can complain and hope someone gets punished for something that's bound to happen and does happen frequently.

Little do they know what actually happens .. at least here in the US.

 

Edited December 2, 20223 yr by Maxis

Aside from all the problems with personal information data breaches, I can't understand TFDi's timing for this pre-sale launch (you could argue that it was fine because it seems as though they reached their limit of 1,000 presales) but I probably would of been interested in the MD-11. With all the Black Friday Flight Sim sales my simming budget has well and truly been blown over a £1,000 spent on hardware and software in the last week or so, so I've been denied the opportunity of purchasing it, why couldn't they mention this before the sales?

12 hours ago, Maxis said:

Interesting you bring up Aetna .. who had not one .. not two but three major hipaa data breaches in 2020 takes In 60 billion annually in revenues and its fine was 1 million dollars total.

Your best security is personally knowing what to do when it happens.

Well, you’re right that I didn’t know Aetna had in fact had so many HIPAA breaches. I guess I’m not surprised, although I can’t really agree that we should all just accept that this is the world we live in, the cost of doing business. But you’re right, we’ve done this to death and it’s not the main topic here.

I’ll just add as a final thought that while taking action to protect yourself is a good idea, it by no means solves the problem. I’ve actually only had my credit card details stolen once (easy enough to fix), but I’ve had much more sweeping and dangerous personal data stolen multiple times that is literally impossible to change. Guess I should have changed my name, DOB, work and credit history every time it happened! (And in each of those cases, it had nothing to do with any risks I knowingly took; the breaches were from “respectable” institutions.)

James

On 12/2/2022 at 10:05 AM, Amon1973 said:

Aside from all the problems with personal information data breaches, I can't understand TFDi's timing for this pre-sale launch (you could argue that it was fine because it seems as though they reached their limit of 1,000 presales) but I probably would of been interested in the MD-11. With all the Black Friday Flight Sim sales my simming budget has well and truly been blown over a £1,000 spent on hardware and software in the last week or so, so I've been denied the opportunity of purchasing it, why couldn't they mention this before the sales?

Why would they care how much you spent on Black Friday sales? They do not know what your budget is but they do know that historically flight simmers tend have a decent amount of discretionary money. If their goal was an actual product release at this time…I could see them making an announcement earlier as the goal would be to sell as many word not allowed possible. But this goal was all of 1000 units. With the full open launch by Sept 2023 hopefully sooner.

No matter what day/time they chose to do the presale someone would be in a financial bind (in between paychecks, just lost a job, had to replace the ac unit on their house etc etc). I’ve missed out on a few things (not just flight sim stuff) due to issues like this myself. Sometime the timing just isn’t meant to be. Not the company’s fault.

16 hours ago, CaptainNick said:

Why would they care how much you spent on Black Friday sales? They do not know what your budget is but they do know that historically flight simmers tend have a decent amount of discretionary money. If their goal was an actual product release at this time…I could see them making an announcement earlier as the goal would be to sell as many word not allowed possible. But this goal was all of 1000 units. With the full open launch by Sept 2023 hopefully sooner.

No matter what day/time they chose to do the presale someone would be in a financial bind (in between paychecks, just lost a job, had to replace the ac unit on their house etc etc). I’ve missed out on a few things (not just flight sim stuff) due to issues like this myself. Sometime the timing just isn’t meant to be. Not the company’s fault.

Of course they wouldn't know my budget, but I bet many people overspent in the black Friday sim sales, so even if they wanted to, they couldn't justify the additional spend when they have already spent a small fortune.