> How is a regular person supposed to even know if their data was in this particular leak?
Reporting requirements. If you find out you're breached, you have to notify everyone involved--plus their states' attorneys general--within N days. If you find out you're breached and fail to notify at least one attorney general, that becomes a criminal liability for those who knew but didn't act.
I was working with Albany on a law in this form (notice only) after the Equifax breach. It was tabled due to lack of Equifax-related outreach from voters.
It was tabled due to lack of Equifax-related outreach from voters.
I suspect this is because the very people who would be the most vocal about this issue are also the most politically cynical, and would never think to reach out to their representatives. That's a damn shame, if true.
