
Bureaucracybuster's Blog


Posts Tagged ‘CREDIT CARDS’


CORPORATE DATA BREACHES? BLAME CEOs: PART TWO (END)

In Bureaucracy, Business, History, Law, Law Enforcement, Politics, Social commentary on August 2, 2019 at 12:43 am

On July 15, 2015, Ashley Madison joined the list of companies that failed to safeguard their customers’ most sensitive information—such as their credit card numbers, addresses, emails and phone numbers.

And Ashley Madison had more reason than most to safeguard it—as the notorious website for cheating wives and husbands.

After all, its database is a blackmailer’s dream-come-true. Yet apparently its owners didn’t care enough about the privacy of their customers to provide adequate security.

Like so many other companies hit by hackers, Ashley Madison sought to reassure its dangerously compromised customers:

“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.”

This statement gave new meaning to the phrase, “Closing the barn door after the cow has gotten out.”

Avid Life Media assured its customers that it had hired “one of the world’s top IT security teams” to work on the breach.

Adultery-dating website Ashley Madison hacked

So why wasn’t this “top IT security team” hired at the outset?

On August 18, 2015, the hackers began releasing their pirated information. 

Ashley Madison’s customers chose to put their private information on its computer system.

Those of Equifax didn’t. Equifax collected this information from credit card companies.

From mid-May through July, 2017, Equifax was hacked. The breach was discovered on July 29.

But the company didn’t announce it until September 7, 2017.

As a result, the private data of nearly 150 million people was compromised.

On July 22, 2019, the Federal Trade Commission (FTC) announced that Equifax, one of the nation’s largest credit-reporting companies, would pay up to $700 million to settle with the FTC and consumers.

If approved by the federal district court for the Northern District of Georgia, the settlement will provide up to $425 million in monetary relief to consumers and a $100 million civil money penalty.

According to Karl A. Racine, attorney general for Washington, D.C., it’s the largest settlement ever for a data breach. 

“Equifax failed to protect consumers’ information and failed to enact reasonable security measures under California’s data security laws,” California Attorney General Xavier Becerra said in a news conference.

“That left very important personal information exposed and allowed hackers to steal consumers’ names, Social Security numbers, their birth dates, their addresses and in some instances their driver’s license number and even credit related information.”


And for those who believe the private sector is inherently more efficient than the public one: On the week that Equifax agreed to pay $700 million for its massive 2017 data breach, Richard Smith, its disgraced former CEO, got some wonderful news: 

  • He was slated to receive as much as $19.6 million in stock bonuses since leaving the company.
  • That’s roughly 1,000 times the $20,000 maximum payout that any financially damaged consumer can collect from Equifax.
  • In addition, Equifax agreed to cover Smith’s medical bills for life, a benefit the company estimates is worth another $103,500.
  • Equifax decided he deserved a $24 million pension.
  • Smith got $50,000 in tax and financial planning services.
  • His stock bonuses cover a period that includes the former executive’s performance in 2017. 

When CBS News contacted Equifax on this development, the company refused to comment. Neither could Smith be reached.

There is a reason why these security breaches keep happening.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author was John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

“One thing is clear,” wrote Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warned that “CEOs don’t seem to be making security a priority.” And he offered several reasons for this:

  • The sheer number of data compromises.
  • Relatively little consumer outcry.
  • Almost no impact on the companies’ standing on Wall Street.
  • Executives may consider such breaches part of the cost of doing business.

“There’s a short-term mindset and denial of convenience in board rooms,” wrote Hering.

“Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”

There are three ways corporations can be forced to start behaving responsibly on this issue.

  1. Smart attorneys need to start filing class-action lawsuits against companies that refuse to take steps to protect their customers’ private information. There is a name for such behavior: Criminal negligence. And there are laws carrying serious penalties for it.
  2. There must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies—and especially their CEOs—when such data breaches occur.
  3. The Justice Department should vigorously prosecute CEOs whose companies’ criminal negligence leads to such massive data breaches. They should be considered as accessories to crime, and, if convicted, sentenced to lengthy prison terms.

Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because we’ll lose our money and/or freedom if we don’t.”


CORPORATE DATA BREACHES? BLAME CEOs: PART ONE (OF TWO)

In Bureaucracy, Business, History, Law, Law Enforcement, Politics, Social commentary on August 1, 2019 at 12:08 am

Comedian Lily Tomlin rose to fame on the 1960s comedy hit, Rowan & Martin’s Laugh-In, as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.

She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives. And her victims included celebrities as much as run-of-the-mill customers.

Lily Tomlin as Ernestine

She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”

But perhaps the line for which her character is best remembered was: “We don’t care. We don’t have to. We’re the phone company.”

Watching Ernestine on Laugh-In was a blast for millions of TV viewers. But facing such corporate arrogance in real life is no laughing matter.

Clearly, too many companies take the same attitude as Ernestine: “We don’t care. We don’t have to.”

This is especially true for companies that are supposed to safeguard their customers’ most sensitive information—such as their credit card numbers, addresses, emails and phone numbers.

Among those companies hacked:

  • Kmart
  • Staples
  • Dairy Queen
  • Target
  • Sony Pictures 
  • Primera Blue Cross
  • Home Depot
  • JPMorgan/Chase

In 2015, they were joined by health insurance giant Anthem Inc. The company announced that hackers had breached its computer system and accessed the medical records of tens of millions of its customers and employees.

Anthem, the nation’s second-largest health insurer, said the infiltrated database held records on up to 80 million people.

Among the customers’ information accessed:

  • Names
  • Birthdates
  • Social Security numbers
  • Member ID numbers
  • Addresses
  • Phone numbers
  • Email addresses 
  • Employment information

Some of the customer data may have included details on their income.

Click here: Anthem hack exposes data on 80 million; experts warn of identity theft – LA Times

Bad as that news was, worse was to come.

A February 5, 2015 story by the Wall Street Journal revealed that Anthem stored the Social Security numbers of 80 million customers without encrypting them.

The company believed that hackers used a stolen employee password to access the database.

Anthem’s alleged reason for refusing to encrypt such sensitive data: Doing so would have made it harder for the company’s employees to track health care trends or share data with state and Federal health providers.

Anthem spokeswoman Kristin Binns blamed the data breach on employers and government agencies who “require us to maintain a member’s Social Security number in our systems so that their systems can uniquely identify their members.”

She said that Anthem encrypted personal data when it moves in or out of its database—but not where it is stored.

This is a commonplace practice in the healthcare industry.

The FBI launched an investigation into the hack.

According to an anonymous source, the hackers used malware that has been used almost exclusively by Chinese cyberspies.

Naturally, China denied any wrongdoing.

Chinese Foreign Ministry spokesman Hong Lei said: “We maintain a cooperative, open and secure cyberspace, and we hope that countries around the world will make concerted efforts to that end.”

He also said that the charge that the hackers were Chinese was “groundless.”  

On July 15, 2015, Ashley Madison—the notorious website for cheating wives and husbands—joined this list.

Launched in 2001, its catchy slogan is: “Life is short.  Have an affair.”

One of its ads featured a photo of a woman apparently kneeling at the feet of a bare-chested man, her hand passionately clawing at his belt. Next to her was the caption: “Join FREE & change your life today. Guaranteed!”


Millions of its clients suddenly found their lives changed in ways they never imagined—for the worse.

Ashley Madison claimed to have more than 37 million members.  

Its hackers were enraged at the company’s refusal to fully delete users’ profiles unless it received a $19 fee.

Referring to themselves as “The Impact Team,” they stated in an online manifesto: “Full Delete netted [Avid Life Media, the parent company of Ashley Madison] $1.7 million in revenue in 2014. It’s also a complete lie.

“Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.”

On July 20, 2015, Avid Life Media defended the service, and promised to make it free.

The hackers demanded: “AM [Ashley Madison] AND EM [Established Men] MUST SHUT DOWN IMMEDIATELY PERMANENTLY.

“We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails.

“Shutting down AM and EM will cost you, but non-compliance will cost you more.”

The hackers threatened to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”

Avid Life Media assured its customers that it had hired “one of the world’s top IT security teams” to work on the breach:

“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.”

So why didn’t the company hire “one of the world’s top IT security teams” before the hack?


“SECURITY THEATER” PROMOTES FAKE SECURITY

In Bureaucracy, History, Law, Law Enforcement, Military, Politics, Social commentary on April 25, 2019 at 12:04 am

So you want to visit the Pentagon and see how America’s military works to protect you?  Fine.

Just be prepared to accept the requirements that go with “security theater.”

According to the Pentagon’s webpage: “Tours are available Monday through Thursday from 10:00 A.M. to 4:00 P.M. and Friday from 12:00 P.M. to 4:00 P.M., and normally last approximately 60 minutes.”

Here’s what you’ll need to take the tour:

  • Ages 12 and under – ID not required. 
  • Ages 13 to 17 – One form of photo ID or a parent/guardian to vouch for them.
  • Ages 18 and up – At least one form of proper identification, which must be current and contains a photograph.

The Pentagon

Let’s break all this down:

“Ages 12 and under – ID not required.”  Strapping bombs to children was a favorite tactic of the Viet Cong. And Al Qaeda has not hesitated to make use of the same weapon. It’s not comforting to learn that our military is still looking at children as “babes of innocence” rather than as possible “bombs of convenience.”

“Ages 13 to 17 – One form of photo ID or a parent/guardian to vouch for them.”  Great! So long as an adult says, “Yeah, he’s mine,” any teenager can gain entry to America’s most important military center. This includes those teens who resent the American military’s presence around the world.

“Ages 18 and up – One form of ID, which must be current and contains a photograph, such as a driver’s license or U.S. passport.”

Knowing a person’s identity is useful—so long as you have a reliable database system to match it against.  An example of this is the FBI’s National Crime Information Center (NCIC).

Since 1967, the NCIC has been America’s central database for tracking crime-related information. It’s linked with such information repositories as:

  • Federal law enforcement agencies
  • State law enforcement agencies
  • Local law enforcement agencies
  • Federal and state motor vehicle registration/licensing agencies.


The NCIC makes available a variety of personal and property records for law enforcement and security purposes, covering:

  • Convicted sex offenders
  • Criminal convictions
  • Foreign fugitives
  • Immigration violators
  • Persons with active protection orders
  • Parolees
  • Persons with active arrest warrants 
  • Secret Service protective alerts
  • Terrorist organizations and membership
  • Violent gang organizations and membership

Behind this lies a simple but highly effective formula, which was best-expressed in the classic 1973 movie, The Day of the Jackal. An anonymous professional killer has been hired to assassinate French President Charles de Gaulle.

At a government meeting called to thwart the plot, a top security expert says: “The first task is to give this man a name. With a name, we get a face, with a face a passport, with a passport an arrest.”

But if you don’t have a reliable database system to match an ID against, forcing people to “show me your ID” is worthless. What does “John Smith” mean to the average ill-paid security guard?

Even if the person is a wanted criminal, just looking at his ID card is worthless. Unless, of course, the person is so notorious as a criminal that his name is known to almost everyone: “My God, it’s Osama bin Laden!”

That’s presuming that the person is not only notorious but stupid enough to flaunt it. There is, after all, such a thing as a falsified ID. Every teenager who’s ever wanted access to a can of beer knows that.

If it seems impossible that any security official could be so stupid, consider this:

In 2010 a friend of mine decided to rent a P.O. box at his local Postal Service office. He was promptly told he would have to provide two pieces of identification, such as:

  • A driver’s license or State ID card
  • A passport
  • A birth certificate
  • A bill from a utility company, such as for phone or electric service.

Now, consider:

  • He lived only a few blocks from the post office where he was applying for a P.O. box. 
  • He had lived at the same apartment building for 22 years.  
  • The Postal Service had been delivering his mail there that entire time—sometimes knocking at his door to do so. 
  • When he came to its counter to retrieve mail that was otherwise un-deliverable, his showing a State ID card had been entirely enough.

But, to rent a P.O. box at that very same post office, he had to prove he wasn’t a terrorist. And one of the ways he was to do this was to show a utility bill.

What does paying money to an electric or gas company prove about anyone?

Mohammed Atta faithfully paid all his utility bills on an apartment in Hamburg, Germany, where he planned the 9/11 attacks. He continued paying his utility bills during his stay in Venice, Florida—right up to the day he flew American Airlines Flight 11 into the North Tower of the World Trade Center.

In short: Creating security theater is not the same as providing real security.


THE CULPRIT IN DATA-BREACHES

In Bureaucracy, Business, History, Law Enforcement, Politics, Social commentary on March 22, 2019 at 12:18 am

Comedian Lily Tomlin rose to fame on the 1960s comedy hit, Rowan & Martin’s Laugh-In, as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.

She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives. And her victims included celebrities as much as run-of-the-mill customers.

Lily Tomlin as Ernestine

She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”

But perhaps the line for which her character is best remembered was: “We don’t care. We don’t have to. We’re the phone company.”

Watching Ernestine on Laugh-In was a blast for millions of TV viewers. But facing such corporate arrogance in real life is no laughing matter.

Clearly, too many companies take the same attitude as Ernestine: “We don’t care. We don’t have to.”

This is especially true for companies that are supposed to safeguard their customers’ most sensitive information—such as their credit card numbers, addresses, emails and phone numbers.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

October, 2014 proved a bad month for credit card-using customers of Kmart, Staples and Dairy Queen.

All these corporations reported data breaches involving the theft of credit card numbers of countless numbers of customers.

Earlier breaches had hit Target, Home Depot and JPMorgan/Chase.

And on February 5, 2015, health insurance giant Anthem Inc. announced that hackers had breached its computer system and accessed the medical records of tens of millions of its customers and employees.

Anthem, the nation’s second-largest health insurer, said the infiltrated database held records on up to 80 million people.

Among the customers’ information accessed:

  • Names
  • Birthdates
  • Social Security numbers
  • Member ID numbers
  • Addresses
  • Phone numbers
  • Email addresses and
  • Employment information.

Some of the customer data may also include details on their income.

Click here: Anthem hack exposes data on 80 million; experts warn of identity theft – LA Times

Bad as that news was, worse was to come.

A February 5, 2015 story by the Wall Street Journal revealed that Anthem stored the Social Security numbers of 80 million customers without encrypting them.

The company believes that hackers used a stolen employee password to access the database.

Anthem’s alleged reason for refusing to encrypt such sensitive data: Doing so would have made it harder for the company’s employees to track health care trends or share data with state and Federal health providers.

Anthem spokeswoman Kristin Binns blamed the data breach on employers and government agencies who “require us to maintain a member’s Social Security number in our systems so that their systems can uniquely identify their members.”

She said that Anthem encrypts personal data when it moves in or out of its database—but not where it is stored.

This is a commonplace practice in the healthcare industry.

The FBI launched an investigation into the hack.

According to an anonymous source, the hackers used malware that has been used almost exclusively by Chinese cyberspies.

Naturally, China has denied any wrongdoing. With a completely straight face, Chinese Foreign Ministry spokesman Hong Lei said:

“We maintain a cooperative, open and secure cyberspace, and we hope that countries around the world will make concerted efforts to that end.”

He also said that the charge that the hackers were Chinese was “groundless.”

Click here: Health Insurer Anthem Didn’t Encrypt Stolen Data – WSJ

Meanwhile, John Hering’s complaints remain as valid today as they did in 2014.

“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.” And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“There’s a short-term mindset and denial of convenience in board rooms,” writes Hering.

“Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”

There are three ways corporations can be forced to start behaving responsibly on this issue.

  1. Smart attorneys need to start filing class-action lawsuits against companies that refuse to take steps to protect their customers’ private information. There is a name for such behavior: Criminal negligence. And there are laws carrying serious penalties for it.
  2. There must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies—and especially their CEOs—when such data breaches occur.
  3. Congress should enact legislation allowing for the prosecution of CEOs whose companies’ negligence leads to such massive data breaches. They should be considered as accessories to crime, and, if convicted, sentenced to lengthy prison terms.

Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because we’ll lose our money and/or freedom if we don’t.”


MORE DATA SECURITY BREACHES: “WE DON’T CARE–WE DON’T HAVE TO”

In Bureaucracy, Business, History, Law, Politics, Self-Help, Social commentary on September 12, 2017 at 12:01 am

Comedian Lily Tomlin rose to fame on the 1960s comedy hit, Rowan & Martin’s Laugh-In, as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.

She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives. And her victims included celebrities as much as run-of-the-mill customers.

Lily Tomlin as Ernestine

She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”

But perhaps the line for which her character is best remembered was: “We don’t care. We don’t have to. We’re the phone company.”

Clearly, too many companies take the same attitude as Ernestine: “We don’t care. We don’t have to.”

This is especially true for companies that are supposed to safeguard their customers’ most sensitive information.  

Companies like:

  • Kmart
  • Staples
  • Dairy Queen
  • Target
  • Home Depot
  • JPMorgan/Chase
  • Anthem Insurance 

All these corporations suffered data breaches that exposed tens of millions of individuals’ private information–such as:

  • Names
  • Birthdates
  • Credit card numbers
  • Social Security numbers
  • Member ID numbers
  • Addresses
  • Email addresses
  • Employment Information
  • Phone numbers

And now hackers have compromised Equifax, the consumer credit reporting agency. 


One out of every two Americans stands to be a victim. Some 143 million consumers’ sensitive data is potentially compromised.

From mid-May to July, 2017, there was a flaw in Equifax’s website software. This allowed hackers to access 143 million Americans’ supposedly private information. Only after this massive robbery had occurred did the company discover the breach and close the loophole.

On September 8, PBS Newshour correspondent William Brangham outlined the dimensions of this catastrophe:

“It’s everything that would be in your credit report. So, it’s Social Security number. It’s your name, it’s your address, it’s your driver’s license information, it’s your employers, it’s your payment history, it’s what bank accounts you have….

“The thing that a thief could do with this information is, one, they could hack into your existing accounts once they have all that information. They could also set up new ones pretending to be John Yang or William Brangham and set up new accounts and then rack up big charges on those.

“So, the great irony here is that Equifax is a company that actually sells identity theft protection, and here it is they have theoretically allowed a huge breach that could trigger a ton of identity theft.”

According to Brangham, the two most outrageous aspects of this catastrophe are: 

“[Equifax] found out about this on July 29, and we only found out about this breach on—this week. So, you’re supposed to, in these kinds of cases, immediately jump to do something about it. And it seems like they didn’t give consumers much time.

“And, secondly, several executives at the company, after they found out about the breach, sold about $18.8 million worth of stock in their company before this news got out, the implication being they didn’t want their stock to tank and their stock to lose value.”

Asked, “What are we supposed to do?” Brangham replied:

  • Freeze your credit account—thus blocking anyone from setting up a new bank account, loan or mortgage in your name without you being alerted to it.
  • Alert credit reporting companies Equifax, Transunion and Experian.
  • Monitor your bank and credit cards for suspicious activity.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care? 

“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.” And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“There’s a short-term mindset and denial of convenience in board rooms,” writes Hering. “Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”

There are three ways corporations can be forced to start behaving responsibly on this issue.

  • Smart attorneys need to start filing class-action lawsuits against companies that refuse to take steps to protect their customers’ private information. There is a name for such behavior: Criminal negligence. And there are laws carrying serious penalties for it.
  • There must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies—and especially their CEOs—when such data breaches occur.
  • Congress should enact legislation allowing for the prosecution of CEOs whose companies’ negligence leads to such massive data breaches. They should be considered as accessories to crime, and, if convicted, sentenced to lengthy prison terms.

Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because we’ll lose our money and/or freedom if we don’t.”

DATA SECURITY BREACHES: “WE DON’T CARE–WE DON’T HAVE TO”

In Bureaucracy, Business, History, Law, Law Enforcement, Politics, Social commentary on July 14, 2017 at 1:15 am

Comedian Lily Tomlin rose to fame on the 1960s comedy hit, Rowan & Martin’s Laugh-In, as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.

She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives. And her victims included celebrities as much as run-of-the-mill customers.

Lily Tomlin as Ernestine

She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”

But perhaps the line for which her character is best remembered was: “We don’t care. We don’t have to. We’re the phone company.”

Watching Ernestine on Laugh-In was a blast for millions of TV viewers. But facing such corporate arrogance in real-life is no laughing matter.

Clearly, too many companies take the same attitude as Ernestine: “We don’t care. We don’t have to.”

This is especially true for companies that are supposed to safeguard their customers’ most sensitive information—such as their credit card numbers, addresses, emails and phone numbers.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

October, 2014 proved a bad month for credit card-using customers of Kmart, Staples and Dairy Queen.

All these corporations reported data breaches involving the theft of credit card numbers of countless numbers of customers.

Earlier breaches had hit Target, Home Depot and JPMorgan/Chase.

And on February 5, 2015, health insurance giant Anthem Inc. announced that hackers had breached its computer system and accessed the medical records of tens of millions of its customers and employees.

Anthem, the nation’s second-largest health insurer, said the infiltrated database held records on up to 80 million people.

Among the customers’ information accessed:

  • Names
  • Birthdates
  • Social Security numbers
  • Member ID numbers
  • Addresses
  • Phone numbers
  • Email addresses and
  • Employment information.

Some of the customer data may also include details on their income.

Click here: Anthem hack exposes data on 80 million; experts warn of identity theft – LA Times

Bad as that news was, worse was to come.

A February 5 story by the Wall Street Journal revealed that Anthem stored the Social Security numbers of 80 million customers without encrypting them.

The company believes that hackers used a stolen employee password to access the database.

Anthem’s alleged reason for refusing to encrypt such sensitive data: Doing so would have made it harder for the company’s employees to track health care trends or share data with state and Federal health providers.

Anthem spokeswoman Kristin Binns blamed the data breach on employers and government agencies who “require us to maintain a member’s Social Security number in our systems so that their systems can uniquely identify their members.”

She said that Anthem encrypts personal data when it moves in or out of its database–but not where it is stored.

This is a commonplace practice in the healthcare industry.

The FBI launched an investigation into the hack.

According to an anonymous source, the hackers used malware that has been used almost exclusively by Chinese cyberspies.

Naturally, China has denied any wrongdoing. With a completely straight face, Chinese Foreign Ministry spokesman Hong Lei said:

“We maintain a cooperative, open and secure cyberspace, and we hope that countries around the world will make concerted efforts to that end.”

He also said that the charge that the hackers were Chinese was “groundless.”

Click here: Health Insurer Anthem Didn’t Encrypt Stolen Data – WSJ

Meanwhile, John Hering’s complaints remain as valid today as they did last October.

“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.” And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“There’s a short-term mindset and denial of convenience in board rooms,” writes Hering.

“Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”

There are three ways corporations can be forced to start behaving responsibly on this issue.

  1. Smart attorneys need to start filing class-action lawsuits against companies that refuse to take steps to protect their customers’ private information. There is a name for such behavior: Criminal negligence. And there are laws carrying serious penalties for it.
  2. There must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies—and especially their CEOs—when such data breaches occur.
  3. Congress should enact legislation allowing for the prosecution of CEOs whose companies’ negligence leads to such massive data breaches. They should be considered as accessories to crime, and, if convicted, sentenced to lengthy prison terms.

Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because we’ll lose our money and/or freedom if we don’t.”

ABC NEWS, ADULTERY, AIRLINES, ANTHEM INSURANCE, ASHLEY MADISON, BUSINESS, CBS NEWS, CHINA, CNN, COMPUTER SECURITY, CREDIT CARDS, CYBERSECURITY, DAIRY QUEEN, FACEBOOK, HACKING, JOHN HERING, JPMORGAN/CHASE, LILY TOMLIN, LOOKOUT INC., LUGGAGE THEFTS, MA BELL, NBC NEWS, SOCIAL SECURITY, SONY PICTURES, STAPLES, TARGET, THE CHICAGO SUN-TIMES, THE CHICAGO TRIBUNE, THE LOS ANGELES TIMES, THE NEW YORK TIMES, TWITTER, U.S. POSTAL SERVICE

COMPUTER SECURITY: “WE DON’T CARE, WE DON’T HAVE TO”

In Bureaucracy, Business, Entertainment, Law, Law Enforcement, Social commentary on April 14, 2016 at 12:07 am

It’s the nightmare-come-true for corporate America.

Name-brand companies, trusted by millions, hit with massive data breaches.

And with a series of keystrokes, the most sensitive financial and personal information of their employees and/or customers is compromised.

Among those companies:

  • Target
  • Kmart
  • Home Depot
  • JPMorgan/Chase
  • Staples
  • Dairy Queen
  • Anthem, Inc.
  • Sony Pictures
  • Primera Blue Cross
  • U.S. Postal Service

Click here: Data Breach Tracker: All the Major Companies That Have Been Hacked | Money.com

And as of July 15, 2015, Ashley Madison joined this list.

Ashley Madison is, of course, the notorious website for cheating wives and husbands.

Launched in 2001, its catchy slogan is: “Life is short.  Have an affair.”

One of its ads featured a photo of a woman apparently kneeling at the feet of a bare-chested man, her hand passionately clawing at his belt. Next to her was the caption: “Join FREE & change your life today. Guaranteed!”

Now millions of its clients may find their lives changed in ways they never imagined–and for the worse.

Ashley Madison claims to have more than 37 million members.  And now, untold numbers of them may find their lives changed forever.

Its hackers were enraged at the company’s refusal to fully delete users’ profiles unless it received a $19 fee.

Referring to themselves as “The Impact Team,” they stated in an online manifesto: “Full Delete netted [Avid Life Media, the parent company of Ashley Madison] $1.7 million in revenue in 2014.  It’s also a complete lie.

“Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.”

On July 20, Avid Life Media defended the service, and said it would make it free.

Adultery-dating website Ashley Madison hacked

The hackers demanded: “AM [Ashley Madison] AND EM [Established Men] MUST SHUT DOWN IMMEDIATELY PERMANENTLY.

“We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails.

“Shutting down AM and EM will cost you, but non-compliance will cost you more.”

The hackers threatened to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”

Avid Life Media assured its customers that it had hired “one of the world’s top IT security teams” to work on the breach:

“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.”

This statement gives new meaning to the phrase, “Closing the barn door after the cow has gotten out.”

And it raises the question: Why wasn’t this “top IT security team” hired at the outset? 

After all, its database is a blackmailer’s dream-come-true. Yet apparently its owners didn’t care enough about the privacy of their customers to provide adequate security.

On August 18, 2015, the hackers began releasing their pirated information.

As usual during a corporation’s data breach, Ashley Madison issued a reassuring statement: “We are working with law enforcement agencies, which are investigating this criminal act.

“Any and all parties responsible for this act of cyber-terrorism will be held responsible.”

Eight of those customers (so far) have decided to hold Ashley Madison responsible. They have filed lawsuits against the company in California, Georgia, Minnesota, Missouri, Tennessee and Texas.

They seek class-action status to represent Ashley Madison’s 37 million users.

The lawsuits claim negligence, breach of contract and privacy violations. They charge that Ashley Madison failed to take reasonable steps to protect the security of its users, including those who paid the $19 fee to have their information deleted.

If they win–and force the owners of Ashley Madison to pay up big-time–this could set a precedent for lawsuits by other victims of such data breaches.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.” And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“Sales figures and new products are top of mind,” writes Hering. “Shoring up IT systems aren’t.”

The key to sharply reducing data breaches lies in holding greed-obsessed CEOs financially accountable for their criminal negligence.

Only then will their mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”

ABC NEWS, ADULTERY, AIRLINES, ANTHEM INC., ASHLEY MADISON, BUSINESS, CBS NEWS, CHINA, CNN, COMPUTER SECURITY, CREDIT CARDS, CYBERSECURITY, DAIRY QUEEN, FACEBOOK, HACKING, JOHN HERING, JPMORGAN/CHASE, LILY TOMLIN, LOOKOUT, LUGGAGE THEFTS, MA BELL, NBC NEWS, ROWAN & MARTIN'S LAUGH-IN, SOCIAL SECURITY, STAPLES, TARGET, THE CHICAGO SUN-TIMES, THE CHICAGO TRIBUNE, THE LOS ANGELES TIMES, THE NEW YORK TIMES, THE WALL STREET JOURNAL, THE WASHINGTON POST, TWITTER, USA TODAY

THE GOOD NEWS IN THE ASHLEY MADISON SCANDAL

In Bureaucracy, Business, Law Enforcement, Social commentary on August 26, 2015 at 9:50 am

It’s the nightmare-come-true for corporate America.

Name-brand companies, trusted by millions, hit with massive data breaches.

And with a series of keystrokes, the most sensitive financial and personal information of their employees and/or customers is compromised.

Among those companies:

  • Target
  • Kmart
  • Home Depot
  • JPMorgan/Chase
  • Staples
  • Dairy Queen
  • Anthem, Inc.
  • Sony Pictures
  • Primera Blue Cross
  • U.S. Postal Service

Click here: Data Breach Tracker: All the Major Companies That Have Been Hacked | Money.com

And as of July 15, Ashley Madison joined this list.

Ashley Madison is, of course, the notorious website for cheating wives and husbands.

Launched in 2001, its catchy slogan is: “Life is short.  Have an affair.”

One of its ads featured a photo of a woman apparently kneeling at the feet of a bare-chested man, her hand passionately clawing at his belt.  Next to her was the caption: “Join FREE & change your life today.  Guaranteed!”

Ashley Madison claims to have more than 37 million members.  And now, untold numbers of them may find their lives changed forever.

Its hackers were enraged at the company’s refusal to fully delete users’ profiles unless it received a $19 fee.

Referring to themselves as “The Impact Team,” they stated in an online manifesto: “Full Delete netted [Avid Life Media, the parent company of Ashley Madison] $1.7 million in revenue in 2014.  It’s also a complete lie.

“Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.”

On July 20, Avid Life Media defended the service, and said it would make it free.

Adultery-dating website Ashley Madison hacked

The hackers demanded: “AM [Ashley Madison] AND EM [Established Men] MUST SHUT DOWN IMMEDIATELY PERMANENTLY.

“We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails.

“Shutting down AM and EM will cost you, but non-compliance will cost you more.”

The hackers threatened to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”

Avid Life Media assured its customers that it had hired “one of the world’s top IT security teams” to work on the breach:

“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.”

This statement gives new meaning to the phrase, “Closing the barn door after the cow has gotten out.”

And it raises the question: Why wasn’t this “top IT security team” hired at the outset?

After all, its database is a blackmailer’s dream-come-true. Yet apparently its owners didn’t care enough about the privacy of their customers to provide adequate security.

On August 18, the hackers began releasing their pirated information.

As usual during a corporation’s data breach, Ashley Madison issued a reassuring statement: “We are working with law enforcement agencies, which are investigating this criminal act.

“Any and all parties responsible for this act of cyber-terrorism will be held responsible.”

Eight of those customers (so far) have decided to hold Ashley Madison responsible. They have filed lawsuits against the company in California, Georgia, Minnesota, Missouri, Tennessee and Texas.

They seek class-action status to represent Ashley Madison’s 37 million users.

The lawsuits claim negligence, breach of contract and privacy violations. They charge that Ashley Madison failed to take reasonable steps to protect the security of its users, including those who paid the $19 fee to have their information deleted.

If they win–and force the owners of Ashley Madison to pay up big-time–this could set a precedent for lawsuits by other victims of such data breaches.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.”  And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“Sales figures and new products are top of mind,” writes Hering. “Shoring up IT systems aren’t.”

The key to sharply reducing data breaches lies in holding greed-obsessed CEOs financially accountable for their criminal negligence.

Only then will their mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”

ABC NEWS, ADULTERY, AIRLINES, ANTHEM INC., ASHLEY MADISON, BUSINESS, CBS NEWS, CHINA, CNN, COMPUTER SECURITY, CREDIT CARDS, CYBERSECURITY, DAIRY QUEEN, FACEBOOK, HACKING, JOHN HERING, JPMORGAN/CHASE, LILY TOMLIN, LOOKOUT, LUGGAGE THEFTS, MA BELL, NBC NEWS, ROWAN & MARTIN'S LAUGH-IN, SOCIAL SECURITY, STAPLES, TARGET, THE CHICAGO SUN-TIMES, THE CHICAGO TRIBUNE, THE LOS ANGELES TIMES, THE NEW YORK TIMES, THE WALL STREET JOURNAL, THE WASHINGTON POST, TWITTER, USA TODAY

DATA SECURITY BREACHES: “WE DON’T CARE, WE DON’T HAVE TO”: PART TWO (END)

In Bureaucracy, Business, History, Law, Law Enforcement, Social commentary on July 21, 2015 at 9:35 am

It’s become as routine as the robbery of the corner liquor store.

Name-brand companies, trusted by millions, hit with massive data breaches that compromise their customers’ and/or employees’ most sensitive financial and personal information.

Among those companies:

  • Target
  • Kmart
  • Home Depot
  • JPMorgan/Chase
  • Staples
  • Dairy Queen
  • Anthem, Inc.
  • Sony Pictures
  • Primera Blue Cross
  • U.S. Postal Service

Click here: Data Breach Tracker: All the Major Companies That Have Been Hacked | Money.com

And as of July 15, Ashley Madison joined this list.

Ashley Madison is, of course, the notorious website for cheating wives and husbands.

Launched in 2001, its catchy slogan is: “Life is short.  Have an affair.”

One of its ads featured a photo of a woman apparently kneeling at the feet of a bare-chested man, her hand passionately clawing at his belt.  Next to her was the caption: “Join FREE & change your life today.  Guaranteed!”

Ashley Madison claims to have more than 37 million members.

Calling themselves “The Impact Team,” hackers appear to be enraged at the company’s “full delete” service, which promises to completely erase a user’s profile and all associated data for a $19 fee.

“Full Delete netted [Avid Life Media, the parent company of Ashley Madison] $1.7 million in revenue in 2014,” the hackers were quoted as saying in an online manifesto.  “It’s also a complete lie.

“Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.”

On July 20, Avid Life Media defended the service, and said it would make it free.

Adultery-dating website Ashley Madison hacked

The hackers demanded: “AM [Ashley Madison] AND EM [Established Men] MUST SHUT DOWN IMMEDIATELY PERMANENTLY.

“We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails.

“Shutting down AM and EM will cost you, but non-compliance will cost you more.”

The hackers threatened to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”

Interestingly, the hackers did not target the company’s “CougarLife” website, which caters to female members seeking “a young stud.”

Avid Life Media assured its customers that it had hired “one of the world’s top IT security teams” to work on the breach:

“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.”

This statement gives new meaning to the phrase, “Closing the barn door after the cow has gotten out.”

It’s almost comical, except for the fact that the marriages of millions of people are likely to be threatened by the release of such information.

And it raises the question: Why wasn’t this “top IT security team” hired at the outset?

A website offering cheating services to those wealthy enough to afford high-priced fees is an obvious target for hackers. After all, its database is a blackmailer’s dream-come-true.

This latest breach comes about two months after a similar dating site, Adult FriendFinder–with an estimated 64 million members–was hit with a similar attack.

Again, it was clear that a site like this would be a prime target for those seeking information for blackmail. Yet apparently its owners didn’t care enough about the privacy of their customers to provide adequate security.

“Without question, this is incredibly valuable information,” said J.J. Thompson, founder and chief executive of Rook Security, an IT security firm.

“[Ashley Madison’s customers] are now vulnerable to a significant secret.”

As usual when a corporation’s data breach occurs, Ashley Madison issued a reassuring statement: “We are working with law enforcement agencies, which are investigating this criminal act.

“Any and all parties responsible for this act of cyber-terrorism will be held responsible.”

Brave-sounding words.  But if the hackers make good on their threat, many prominent men in business and politics may soon find themselves facing expensive divorces.

And if that happens, at least some of them may well decide to take out their anger and embarrassment on the websites that assured them that the highly private information they shared was “100% secure.”

That could set a precedent for lawsuits by other victims of such data breaches. Which, in turn, could force profit-obsessed corporations to responsibly protect the highly sensitive information entrusted to them.

There is an important lesson to be learned from this latest disaster.

“Stuff that’s online is pretty much not private, no matter what you might hope or think or wish for,” said Geoff Webb, senior director of solution strategy for security management firm NetIQ.

Old records, like transactions and account details, remain in company databases long after you’ve deleted an account, he said, because the company needs them for tax and other business purposes.

“There used to be an old saying that everybody ends up naked on the Internet at some point,” said Webb.

Although that was meant figuratively, patrons of websites like Ashley Madison could soon find it applying literally.

ABC NEWS, ADULTERY, AIRLINES, ANTHEM INC., ASHLEY MADISON, BUSINESS, CBS NEWS, CHINA, CNN, COMPUTER SECURITY, CREDIT CARDS, CYBERSECURITY, DAIRY QUEEN, FACEBOOK, HACKING, JOHN HERING, JPMORGAN/CHASE, LILY TOMLIN, LOOKOUT, LUGGAGE THEFTS, MA BELL, NBC NEWS, ROWAN & MARTIN'S LAUGH-IN, SOCIAL SECURITY, STAPLES, TARGET, THE CHICAGO SUN-TIMES, THE CHICAGO TRIBUNE, THE LOS ANGELES TIMES, THE NEW YORK TIMES, THE WALL STREET JOURNAL, THE WASHINGTON POST, TWITTER, USA TODAY

DATA SECURITY BREACHES: “WE DON’T CARE, WE DON’T HAVE TO”: PART ONE (OF TWO)

In Bureaucracy, Business, Law, Law Enforcement, Social commentary on July 20, 2015 at 12:20 pm

Comedian Lily Tomlin rose to fame on the 1960s comedy hit, Rowan & Martin’s Laugh-In, as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.

She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives.  And her victims included celebrities as much as run-of-the-mill customers.

Lily Tomlin as Ernestine

She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”

But perhaps the line for which her character is best remembered was: “We don’t care. We don’t have to. We’re the phone company.”

Watching Ernestine on Laugh-In was a blast for millions of TV viewers.  But facing such corporate arrogance in real-life is no laughing matter.

Clearly, too many companies take the same attitude as Ernestine: “We don’t care.  We don’t have to.”

This is especially true for companies that are supposed to safeguard their customers’ most sensitive information–such as their credit card numbers, addresses, emails and phone numbers.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

October, 2014 proved a bad month for credit card-using customers of Kmart, Staples and Dairy Queen.

All these corporations reported data breaches involving the theft of credit card numbers of countless numbers of customers.

Earlier breaches had hit Target, Home Depot and JPMorgan/Chase.

And on February 5, 2015, health insurance giant Anthem Inc. announced that hackers had breached its computer system and accessed the medical records of tens of millions of its customers and employees.

Anthem, the nation’s second-largest health insurer, said the infiltrated database held records on up to 80 million people.

Among the customers’ information accessed:

  • Names
  • Birthdates
  • Social Security numbers
  • Member ID numbers
  • Addresses
  • Phone numbers
  • Email addresses and
  • Employment information.

Some of the customer data may also include details on their income.

Click here: Anthem hack exposes data on 80 million; experts warn of identity theft – LA Times

Bad as that news was, worse was to come.

A February 5 story by the Wall Street Journal revealed that Anthem stored the Social Security numbers of 80 million customers without encrypting them.

The company believes that hackers used a stolen employee password to access the database.

Anthem’s alleged reason for refusing to encrypt such sensitive data: Doing so would have made it harder for the company’s employees to track health care trends or share data with state and Federal health providers.

Anthem spokeswoman Kristin Binns blamed the data breach on employers and government agencies who “require us to maintain a member’s Social Security number in our systems so that their systems can uniquely identify their members.”

She said that Anthem encrypts personal data when it moves in or out of its database–but not where it is stored.

This is a commonplace practice in the healthcare industry.

The FBI is now investigating the hack.

According to an anonymous source, the hackers used malware that has been used almost exclusively by Chinese cyberspies.

Naturally, China has denied any wrongdoing.  With a completely straight face, Chinese Foreign Ministry spokesman Hong Lei said:

“We maintain a cooperative, open and secure cyberspace, and we hope that countries around the world will make concerted efforts to that end.”

He also said that the charge that the hackers were Chinese was “groundless.”

Click here: Health Insurer Anthem Didn’t Encrypt Stolen Data – WSJ

Meanwhile, John Hering’s complaints remain as valid today as they were last October.

“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.”  And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“There’s a short-term mindset and denial of convenience in board rooms,” writes Hering.

“Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”

There are three ways corporations can be forced to start behaving responsibly on this issue.

  1. Smart attorneys need to start filing class-action lawsuits against companies that refuse to take steps to protect their customers’ private information.  There is a name for such behavior: Criminal negligence.  And there are laws carrying serious penalties for it.
  2. There must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies–and especially their CEOs–when such data breaches occur.
  3. Congress should enact legislation allowing for the prosecution of CEOs whose companies’ negligence leads to such massive data breaches. They should be considered as accessories to crime, and, if convicted, sentenced to lengthy prison terms.

Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”

    • About Steffen White

      Steffen White’s Email:  Sparta480@aol.com Former reporter, legal investigator and troubleshooter. Columnist at Bureaucracybuster.com.  Fighting political and bureaucratic arrogance, incompetence and/or indifference.
