Then the law sounds ineffective to me. There are security researchers featured in this article saying that this dump looks legit, and Instacart still gets to pretend like everything is normal? User data could wind up sitting on the dark web for weeks before Instacart finally gets around to notifying them of the breach.
Tools like haveibeenpwned typically rely on companies' cooperation to report breaches since "data breach" is a legal term. But since Instacart still hasn't reported this, do the security tools get updated in a timely way, or are there millions of credit cards and passwords sitting up for sale while lawyers figure out how to handle the legal side of this?
Tools like haveibeenpwned typically rely on companies' cooperation to report breaches since "data breach" is a legal term. But since Instacart still hasn't reported this, do the security tools get updated in a timely way, or are there millions of credit cards and passwords sitting up for sale while lawyers figure out how to handle the legal side of this?