Absolutely agreed. It feels like corps are developing their own infosec version of the four dogs defense.
4 DOG DEFENSE
My Dog Does Not Bite.
My Dog Bites, But It Didn't Bite You.
My Dog Bit You. But It Didn't Hurt You.
My Dog Bit You And Hurt You, But It Wasn't My Fault
Probably won't happen until some Senator gets personally burned. Equifax hasn't suffered much, for example, and they released almost all of their info for every adult in the US that ever used a credit card or had a mortgage.
I'm almost wishing some activist hacker would buy the data for the House and Senate reps and go to town...just to get their attention. Purchase pornhub accounts, shady drug site stuff, escorts, etc, and start sharing it publicly.
> My guess is that senators that have been burned have been done so secretly and are being blackmailed.
The whole bunch has been blackmailed for decades. Just not "ordinary" blackmailing, but threatening by big funders to cut said funding unless, for example, the politician keeps supporting NRA/BigAg/BigFinance-favorable policies...
I know HIBP's Troy Hunt has very carefully detailed his ethical and moral tradeoffs in what he does, and I appreciate that as a benchmark.
But I so want to lose my mind, start getting these breach db's and start emailing Congresscritters with "This email was hacked, you're screwed, we're screwed, and here's legit links to help fix our lives back up... (eff.org) (hibp) etc"
And now I'm on the watch list for when someone crazier than me actually does this. Sigh.
I feel like there could be an xkcd-style greasemonkey script that adds a winky face to the end of any of those phrases to make them a little more accurate.
I’d prefer crippling fines.