After this debacle it appears that it will culminate in what constitutes as a pass in the enterprise universe. For more details I refer you to the link to the article below and some of my commentary on the matter.
An interesting resolution to an obvious lack of IT controls and governance. Furthermore the settlements and fine allocation is interesting. Why is the FTC receiving $10 million while the states are receiving $500,000 total? What ever happened to the actual customers whose information was carelessly handled? A $5 million dollar redress last year? That's it? Where is the accountability? Without it there is little incentive to improve security when the punishment for inappropriate conduct constitutes a slap on the wrist.
What are your thoughts?