After reading the data breach notification I noticed some economic and social science theories at play here. The first economic theory that I have seen present is Rational Choice Theory. Rational Choice Theory is when individuals or businesses make choices in their best interest. In the letter they stated that the third party company that they hired experienced the intrusion. In their business plan they probably wanted to outsource a platform provider because it might be cheaper and they didn’t want to be responsible for firing and maintaining.  

The second economic theory that was present was the Laissez-faire theory. This theory is a version of the classical theory that suggests, “governments should not intervene in the economy except to protect individuals’ inalienable rights”. As we see in the explanation, law enforcement is investigating after the fact. So in this situation it correlates because laissez-faire cybersecurity is seen as reactive and responding rather than preventing. 

The letter also contained a couple social science theories as well. The first one that relates is the Neutralization Theory. This theory is how cybercriminals justify their behavior by saying that no human bus being actually hurt. In the letter the information that was actually accessed was first and last name, address, phone number and payment information. They have accessed information and have not done any physical harm. 

Second social science theory that I have noticed in the letter is the Behavioral Theory. Behavioral theory suggests that behavior is learned. At the what you can do section they actually walk you through an incident response. First they tell you to contact your card issuer, review your banking and card statements and finally they point out a resource on how to further protect the privacy of your data.