It's funny how these articles are always so quick to reassure "no payment details have been compromised", as if that is a significant concern. How did we get to the point where the private data that can be rendered obsolete with one phone call is treated much more securely than private data that will follow us for the rest of our lives?
We need a lobbying group that will strong-arm lawmakers into crafting regulation so that our personal information will be treated with at least as much care as ephemeral credit card numbers.
Seems like the payment data is just handled by the credit card companies, so it's a matter of targeting random businesses vs Visa....
So, seems like you're ultimately advocating for all data to be handled by credit card companies, or similarly hardened targets. In the end this may not gain much; a company with compromised api access is still a good target. Which helps demonstrate another difference: Companies need ongoing access to their data, where payments are 'fire and forget' and thus are easier to protect.
We need a lobbying group that will strong-arm lawmakers into crafting regulation so that our personal information will be treated with at least as much care as ephemeral credit card numbers.