Data Breach at Wyze Labs Exposes Information of 2.4 Million Customers

"While Congress has not yet passed federal legislation to provide consumers with protections against data breaches, all 50 states and D.C., Guam, Puerto Rico and the U.S. Virgin Islands have enacted laws that require companies like Wyze to make their customers aware of data breaches that involve their personal information, Riana Pfefferkorn, the associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, said in an email Monday.

“In recent years an increasing number of states have enacted data security laws as well,” Ms. Pfefferkorn said. “Those laws require entities that hold personally identifiable information about a state’s residents to make reasonable efforts to secure that information — to prevent a breach from happening in the first place.”

“Consumers have zero control,” Jennifer King, the director of consumer privacy at the Center for Internet and Society at Stanford Law School, said on Monday. “We are definitely at the point where if we want to change anything, we need regulation.”

“The more all of this data goes on the cloud, the more vulnerable we are,” Dr. King said. “If the company isn’t necessarily practicing the best security practices you can do all you can and you’re still going to be exposed.”"