Last week, LivingSocial announced a breach affecting 50 million customers. The breach involved names, email addresses, and passwords, but no Social Security numbers or bank account or credit card information. The breach is getting a lot of press.
Last month, I reported on a lawsuit in which a John Doe company alleges the IRS apparently scooped up over 10 million people’s medical records/insurance information from their HIPAA-covered organization without a warrant. The data were allegedly copied and taken in March 2011 and have not been returned. That case did not draw a lot of media attention.
Assuming the facts in the second case are true as alleged, which incident worries you more, and why?