A gift from XKCD - http://xkcd.com/327/

Pretty good. The local Commerce branch seems to have always had software problems in comparison to other banks they seem a little lost.

The compensation banks aren't forced to give in cases like this is the main reason these attacks are successful in the first place.

If businesses that negligently store personal data on insecure systems (especially those that do so without permission from their customers) were forced to

1/compensate customers for the costs involved in restoring their credit scores should they be affected,

2/compensate them for any increases in interest rates they suffer due to bad credit,

3/forced to offer them the credit they would have got, at interest rates they would have qualified for, and

4/repay every bad loan taken out in their names.. because obviously this is where most of the damage occurs..

then you can be sure nothing will change and people will continue to be screwed over by them.

Real protection with real laws. Not crappy laws like they have in California that just force these arseholes to say

"We're sorry to tell you that your personal information is now in the possession of the Russian Mafia - but we'll pay for useless credit monitoring services to let you know exactly how badly you're life is going to get for a couple of years. Not that the nightmare will be over by then, we just need to make this token gesture or someone will pass some real legislation to protect people like you from people like us".

It's sort of like a business decides to store leaky gas cylinders next to your house without your permission, and their only liability is to let you know your house is probably going to be burnt to the ground, but don't worry because they'll let you know how often it happens over the next 2 years.

What could be fairer than that?