I'm not suggesting that this is the case here, but I wonder how many screw ups are going to get laid at the feet of Anonymous and lulzsec?

I suspect that there will be many blaming various groups because it is easier than beefing up security in the first place. I have no comments about these groups but this could be anyone hacking their systems probably looking for credit card info or even details of illicit rendezvous.

I think this is a good what Lulsec are doing. From what I understand they don't use any sophisticated methods to steal data, not to mention that DDOS attacks are plain dumb. You can only imagine what other real criminals with actual hacking skills are doing quietly. Not just for fun but to steal money, credit card numbers or our data from inept companies that can't be arsed to spend money to protest their systems.

If stealing password from porn sites, old forums and DDOSing Cia websites is what it takes for the corporates to get off their arses then I with Lulsec.

Absolutely in terms of systems intrusion and publicising how easy it is. However I kind of draw the line at them publishing the personal data they manage to find in the systems they break into. I don't see what extra that gains anyone and it hurts the people who have no say in the security of the systems that have been hacked.

To me, doing that seems to invalidate their stated justifications. They state they're showing systems to be insecure so that companies will improve their security to make personal data safer. Well, if they've already published all the personal data themselves, then haven't they they done as much damage as the company could ever have done? That suggests to me they actually don't give much a toss about anyone else, they're actually just doing it for a laugh (or lulz, if you will) and all the stuff about doing it to make everyone's data safe is just PR. What's the point of making everyone's data safe if you've already published it on the internet?

So really, I don't buy it. To me, they're the computer equivalent of a kid pulling the legs of a spider. They're just doing it because they can, and anything else is just whitewashing.

Jon

True, but if it makes our data safer in the long run then I am willing to accept this cost.

Travelodge have emailed out to every body to give a warning. At least they're trying.

They were lucky that their database was not wiped in the attack. I agree with the comments about this helping improve security in the long run. Companies will only do what they can get away with. If these attacks make them more secure and protect our data in the long run that is a good thing.

While it’s dreadfully inconvenient having companies being hacked into, I think we need this kind of service being performed. I hate to suggest this, but the ICO need to do spot checks like this - hacking into companies’ databases and seeing what is exposed. No warnings, just a visit from an enforcement officer after the fact who can demonstrate how the hack was done, what was exposed to the board of directors. The results of inspection hack should be made public if the company fails to act after a certain amount of time.

Yes but these bodies are not set up to protect customers they are to protect companies in cases of cock ups. If not the companies could be sued. Though with this quango it stops that.