this post was submitted on 04 Aug 2025
7 points (100.0% liked)

US Law (local/state/federal) ⚖

87 readers
2 users here now

This is the only decentralized venue for chatter about law in the US. Federal law and law of various states and territories is on topic here.

Loosely related:

founded 1 year ago
MODERATORS
evenwicht@lemmy.sdf.org
7
Does any US law protect data breach victims when the data custodian hides the source of the data from the victim? Do I have any moves here? (lemmy.sdf.org)
submitted 1 week ago by evenwicht@lemmy.sdf.org to c/law_us@lemmy.sdf.org
2 comments fedilink hide all child comments
 

I received a notice that my data was leaked in a data breach from a custodian who I did not know had my data in the first place. I had never even heard of them.

One of my financial institutions outsourced to this custodian who was breached. I want to know who I am doing business with that hired the reckless custodian so I can close my account. The custodian ignored my requests for the source of the data.

The attorney general responded saying essentially: out of our purview.. nothing to do here.. we don’t give a shit.

Really? It’s such a perverse assault on data breach victims to deny them information about where the breach came from.

I would like to sue the custodian who is concealing from me the data source. Of course I would like to know if any law was broken, and I find nothing. What am I missing?

top 2 comments
sorted by: hot top controversial new old
[–] iii@mander.xyz 3 points 1 week ago* (last edited 1 week ago) (1 children)

Not a direct answer to your questions, but still related.

I've had something similar happen (started receiving spam, so someone sold/leaked my information).

Luckily, I rent my own domain name, and use randomstring@mydomain.tld as email when registering. As the random string is unique for each service, I could easily identify the leaker, and end my business with them.

[–] evenwicht@lemmy.sdf.org 2 points 1 week ago* (last edited 1 week ago)

I do the same and I have traced unreported leaks to the source that way, but it is useless when the breach notice comes not by email but to the physical address.

The thread is about legal obligations and recourse. Consumers should have to do anything sneaky to be protected.