Channel: COMPUTER SECURITY – Bureaucracybuster's Blog

CORPORATE DATA BREACHES? BLAME CEOs: PART TWO (END)


On July 15, 2015, Ashley Madison joined the list of companies that failed to safeguard their customers’ most sensitive information—such as their credit card numbers, addresses, emails and phone numbers.

And Ashley Madison had more reason than most to safeguard that information, as the notorious website for cheating wives and husbands.

After all, its database is a blackmailer’s dream-come-true. Yet apparently its owners didn’t care enough about the privacy of their customers to provide adequate security.

Like so many other companies hit by hackers, Ashley Madison sought to reassure its dangerously compromised customers:

“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.”

This statement gave new meaning to the phrase, “Closing the barn door after the cow has gotten out.”

Avid Life Media assured its customers that it had hired “one of the world’s top IT security teams” to work on the breach.


So why wasn’t this “top IT security team” hired at the outset?

On August 18, 2015, the hackers began releasing their pirated information. 

Ashley Madison’s customers chose to put their private information on its computer system.

Those of Equifax didn’t. Equifax collected this information from credit card companies.

From mid-May through July 2017, Equifax was hacked. The breach was discovered on July 29.

But the company didn’t announce it until September 7, 2017.

As a result, the private data of nearly 150 million people was compromised.

On July 22, 2019, the Federal Trade Commission (FTC) announced that Equifax, one of the nation’s largest credit-reporting companies, would pay up to $700 million to settle with the FTC and consumers.

If approved by the federal district court for the Northern District of Georgia, the settlement will provide up to $425 million in monetary relief to consumers and a $100 million civil money penalty.

According to Karl A. Racine, attorney general for Washington, D.C., it’s the largest settlement ever for a data breach. 

“Equifax failed to protect consumers’ information and failed to enact reasonable security measures under California’s data security laws,” California Attorney General Xavier Becerra said in a news conference.

“That left very important personal information exposed and allowed hackers to steal consumers’ names, Social Security numbers, their birth dates, their addresses and in some instances their driver’s license number and even credit related information.”


And for those who believe the private sector is inherently more efficient than the public one: In the week that Equifax agreed to pay $700 million for its massive 2017 data breach, Richard Smith, its disgraced former CEO, got some wonderful news:

  • He was slated to receive as much as $19.6 million in stock bonuses since leaving the company.
  • That’s roughly 1,000 times the $20,000 maximum payout that any financially damaged consumer can collect from Equifax.
  • In addition, Equifax agreed to cover Smith’s medical bills for life, a benefit the company estimates is worth another $103,500.
  • Equifax decided he deserved a $24 million pension.
  • Smith got $50,000 in tax and financial planning services.
  • His stock bonuses cover a period that includes the former executive’s performance in 2017. 

When CBS News contacted Equifax about this development, the company refused to comment. Nor could Smith be reached.

There is a reason why these security breaches keep happening.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author was John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”


“One thing is clear,” wrote Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warned that “CEOs don’t seem to be making security a priority.” And he offered several reasons for this:

  • The sheer number of data compromises.
  • Relatively little consumer outcry.
  • Almost no impact on the companies’ standing on Wall Street.
  • Executives may consider such breaches part of the cost of doing business.

“There’s a short-term mindset and denial of convenience in board rooms,” wrote Hering.

“Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”

There are three ways corporations can be forced to start behaving responsibly on this issue.

  1. Smart attorneys need to start filing class-action lawsuits against companies that refuse to take steps to protect their customers’ private information. There is a name for such behavior: Criminal negligence. And there are laws carrying serious penalties for it.
  2. There must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies—and especially their CEOs—when such data breaches occur.
  3. The Justice Department should vigorously prosecute CEOs whose companies’ criminal negligence leads to such massive data breaches. They should be considered as accessories to crime, and, if convicted, sentenced to lengthy prison terms.

Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because we’ll lose our money and/or freedom if we don’t.”

