Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price::Data for almost 36 million customers now in the hands of unknown hackers.

    • virku@lemmy.world
      link
      fedilink
      English
      arrow-up
      33
      arrow-down
      1
      ·
      11 months ago

      In Europe this would be a hard to explain breach of GDPR. Which could result in some hefty fines. Especially if it is a vulnerability they knew about but chose to wait.

        • kurushimi@lemmyonline.com
          link
          fedilink
          English
          arrow-up
          12
          ·
          edit-2
          11 months ago

          Sure, but given that the poster said “would” the point is to bring additional awareness to how consumer-backing laws with actual teeth can bring about positive change, and perhaps to motivate citizens to support similar legislation and legislators who would write it.

      • plz1@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        3
        ·
        11 months ago

        In the real world, fines are a cost carried to the customer. So even with GDPR, the customer is still the loser in the situation.

          • plz1@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            11 months ago

            So fines come with a requirement that a company can’t raise prices to recoup them?

            • wahming@monyet.cc
              link
              fedilink
              English
              arrow-up
              2
              ·
              11 months ago

              Do you think companies aren’t already pricing their products at the maximum they think the market can bear?

    • ColeSloth@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      It’s a bullshit headline all the way around. They may have waited like 9 days to patch it, but the exploit had been shown to be on their system (and many other companies) for several months. Essentially, the extra 9 days after the vulnerability was discovered and a patch existed wouldn’t have mattered much for anything. Ship already long since sailed.