STRATFOR and Texas laws, where do they stand now

STRATFOR is a Texas based company, by now we all have pretty much learnt what has happened to them over the Christmas period and they way they have reacted to it. From this many interesting facts have come into place that surround the incident, such as un-encrypted critical data such as Full credit card details, passwords and emails. In an interesting point brought up by about the company that is based in Texas and the law surrounding the storage of clients personal information. One part of the Texas law is

Sec. 521.052.  BUSINESS DUTY TO PROTECT SENSITIVE PERSONAL INFORMATION. (a) A business shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business.

Which pretty much states they by law had to encrypted the data that was not encrypted. To make this further embarrassing for them they have spoken to AFP in an interview and announced that they are "unsure" if the data was or was not encrypted, when clearly it wasn’t as it was being freely used to donate thousands to charities. On a note about the charites, has also made a very good strong point,

If charities incur chargebacks from misuse of data that Stratfor failed to adequately secure, can Stratfor be held liable for the chargebacks?  Any Texas lawyers around who can clarify liability issues?

See the full story from

About the author: Lee J

Security Analyst, Developer, OSINT,

Comments are closed.