Christmas shoppers were stunned to learn last Thursday that computer hackers had made off with the names and other personal info of some 40 million Target customers. Some of the pilfered information is reportedly being sold on the black market, prompting JP Morgan Chase to limit purchases and cash withdrawals on debit cards owned by recent Target shoppers.
But at least Target informed its customers of the security breach, as it is required by federal law to do. HealthCare.gov faces no such requirement; it need never notify customers that their personal information has been hacked or possibly compromised. The Department of Health and Human Services was specifically asked to include a notification requirement in the rules it designed for the health-care exchanges, but HHS declined.
Continue reading this piece from National Review here.