Sometimes no news is worse than bad news.
When a company's data is stolen by hackers, affected customers typically receive a disturbing note from the breached firm, warning that they could soon become victims of identity theft.
But last May, when Chinese hackers infected more than 500,000 Web sites with malicious software designed to steal personal information, visitors to those sites received something more disturbing: an invisible password-stealing program on their machines, and an eerie silence from the owners of the sites they'd visited.
Today, 44 U.S. states have passed breach disclosure laws that require companies whose cache of personal information is lost or stolen to publicize the incident, reporting the problem to the affected customers. But those laws haven't kept pace with the evolution of cybercrime.
