bureaucracybusters

Archive for August 1st, 2019|Daily archive page

CORPORATE DATA BREACHES? BLAME CEOs: PART ONE (OF TWO)

In Bureaucracy, Business, History, Law, Law Enforcement, Politics, Social commentary on August 1, 2019 at 12:08 am

Comedian Lily Tomlin rose to fame on the 1960s comedy hit, Rowan & Martin’s Laugh-In, as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.

She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives. And her victims included celebrities as much as run-of-the-mill customers.

Lily Tomlin as Ernestine

She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”

But perhaps the line for which her character is best remembered was: “We don’t care. We don’t have to. We’re the phone company.”

Watching Ernestine on Laugh-In was a blast for millions of TV viewers. But facing such corporate arrogance in real-life is no laughing matter.

Clearly, too many companies take the same attitude as Ernestine: “We don’t care. We don’t have to.”

This is especially true for companies that are supposed to safeguard their customers’ most sensitive information—such as their credit card numbers, addresses, emails and phone numbers.

Among those companies hacked:

  • Kmart
  • Staples
  • Dairy Queen
  • Target
  • Sony Pictures 
  • Primera Blue Cross
  • Home Depot
  • JPMorgan/Chase

In 2015, they were joined by health insurance giant Anthem Inc. The company announced that hackers had breached its computer system and accessed the medical records of tens of millions of its customers and employees.

Anthem, the nation’s second-largest health insurer, said the infiltrated database held records on up to 80 million people.

Among the customers’ information accessed:

  • Names
  • Birthdates
  • Social Security numbers
  • Member ID numbers
  • Addresses
  • Phone numbers
  • Email addresses 
  • Employment information

Some of the customer data may have included details on their income.

Click here: Anthem hack exposes data on 80 million; experts warn of identity theft – LA Times

Bad as that news was, worse was to come.

A February 5, 2015 story by the Wall Street Journal revealed that Anthem stored the Social Security numbers of 80 million customers without encrypting them.

The company believed that hackers used a stolen employee password to access the database

Anthem’s alleged reason for refusing to encrypt such sensitive data: Doing so would have made it harder for the company’s employees to track health care trends or share data with state and Federal health providers.

Anthem spokeswoman Kristin Binns blamed the data breach on employers and government agencies who “require us to maintain a member’s Social Security number in our systems so that their systems can uniquely identify their members.”

She said that Anthem encrypted personal data when it moves in or out of its database–-but not where it is stored.

This is a commonplace practice in the healthcare industry.

The FBI launched an investigation into the hack.

According to an anonymous source, the hackers used malware that has been used almost exclusively by Chinese cyberspies.

Naturally, China denied any wrongdoing.

Chinese Foreign Ministry spokesman Hong Lei said: “We maintain a cooperative, open and secure cyberspace, and we hope that countries around the world will make concerted efforts to that end.”

He also said that the charge that the hackers were Chinese was “groundless.”  

On July 15, 2015, Ashley Madison—the notorious website for cheating wives and husbands—joined this list.

Launched in 2001, its catchy slogan is: “Life is short.  Have an affair.”

One of its ads featured a photo of a woman apparently kneeling at the feet of a bare-chested man, her hand passionately clawing at his belt. Next to her was the caption: “Join FREE & change your life today. Guaranteed!”

Related image

Millions of its clients suddenly found their lives changed in ways they never imagined—for the worse.

Ashley Madison claimed to have more than 37 million members.  

Its hackers were enraged at the company’s refusal to fully delete users’ profiles unless it received a $19 fee.

Referring to themselves as “The Impact Team,” they stated in an online manifesto: “Full Delete netted [Avid Life Media, the parent company of Ashley Madison] $1.7 million in revenue in 2014. It’s also a complete lie.

“Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.”

On July 20, 2015, Avid Life Media defended the service, and promised to make it free.

The hackers demanded: “AM [Ashley Madison] AND EM [Established Men] MUST SHUT DOWN IMMEDIATELY PERMANENTLY.

“We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails.

“Shutting down AM and EM will cost you, but non-compliance will cost you more.”

The hackers threatened to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”

Avid Life Media assured its customers that it had hired “one of the world’s top IT security teams” to work on the breach:

“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.”

So why didn’t the company hire “one of the world’s top IT security teams” before the hack?

%d bloggers like this: