Starting in July, the state of California will require businesses to notify customers of any security breaches. Ouch, this is going to hurt.
The law states the breach data must contain last name and first initial or last name and first name in combination with one of the three items listed below:
2. California Driver License of ID card number
3. Credit Card number and associated pass codes
I still remember the case involving a college student who pulled valid SSNs off the University of Texas web site. He captured valid SSNs by trying every possible SSN combination (brute force).