bureaucracybusters

Posts Tagged ‘JPMORGAN/CHASE’

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

DATA SECURITY BREACHES: “WE DON’T CARE, WE DON’T HAVE TO”: PART ONE (OF TWO)

In Bureaucracy, Business, Law, Law Enforcement, Social commentary on July 20, 2015 at 12:20 pm

Comedian Lily Tomlin rose to fame on the 1960s comedy hit, Rowan & Martin’s Laugh-In, as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.

She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives.  And her victims included celebrities as much as run-of-the-mill customers.

Lily Tomlin as Ernestine

She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”

But perhaps the line for which her character is best remembered was: “We don’t care. We don’t have to. We’re the phone company.”

Watching Ernestine on Laugh-In was a blast for millions of TV viewers.  But facing such corporate arrogance in real-life is no laughing matter.

Clearly, too many companies take the same attitude as Ernestine: “We don’t care.  We don’t have to.”

This is especially true for companies that are supposed to safeguard their customers’ most sensitive information–such as their credit card numbers, addresses, emails and phone numbers.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

October, 2014 proved a bad month for credit card-using customers of Kmart, Staples and Dairy Queen.

All these corporations reported data breeches involving the theft of credit card numbers of countless numbers of customers.

Earlier breaches had hit Target, Home Depot and JPMorgan/Chase.

And on February 5, 2015, health insurance giant Anthem Inc. announced that hackers had breached its computer system and accessed the medical records of tens of millions of its customers and employees.

Anthem, the nation’s second-largest health insurer, said the infiltrated database held records on up to 80 million people.

Among the customers’ information accessed:

  • Names
  • Birthdates
  • Social Security numbers
  • Member ID numbers
  • Addresses
  • Phone numbers
  • Email addresses and
  • Employment information.

Some of the customer data may also include details on their income.

Click here: Anthem hack exposes data on 80 million; experts warn of identity theft – LA Times

Bad as that news was, worse was to come.

A February 5 story by the Wall Street Journal revealed that Anthem stored the Social Security numbers of 80 million customers without encrypting them.

The company believes that hackers used a stolen employee password to access the database

Anthem’s alleged reason for refusing to encrypt such sensitive data: Doing so would have made it harder for the company’s employees to track health care trends or share data with state and Federal health providers.

Anthem spokeswoman Kristin Binns blamed the data breach on employers and government agencies who “require us to maintain a member’s Social Security number in our systems so that their systems can uniquely identify their members.”

She said that Anthem encrypts personal data when it moves in or out of its database–but not where it  is stored.

This is a commonplace practice in the healthcare industry.

The FBI is now investigating the hack.

According to an anonymous source, the hackers used malware that has been used almost exclusively by Chinese cyberspies.

Naturally, China has denied any wrongdoing.  With a completely straight face, Chinese Foreign Ministry spokesman Hong Lei said:

“We maintain a cooperative, open and secure cyberspace, and we hope that countries around the world will make concerted efforts to that end.”

He also said that the charge that the hackers were Chinese was “groundless.”

Click here: Health Insurer Anthem Didn’t Encrypt Stolen Data – WSJ

Meanwhile, John Hering’s complaints remain as valid today as they did last October.

“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.”  And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“There’s a short-term mindset and denial of convenience in board rooms,” writes Hering.

“Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”

There are three ways corporations can be forced to start behaving responsibly on this issue.

  1. Smart attorneys need to start filing class-action lawsuits against companies that refuse to take steps to protect their customers’ private information.  There is a name for such behavior: Criminal negligence.  And there are laws carrying serious penalties for it.
  2. There must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies–and especially their CEOs–when such data breaches occur.
  3. Congress should enact legislation allowing for the prosecution of CEOs whose companies’ negligence leads to such massive data breaches. They should be considered as accessories to crime, and, if convicted, sentenced to lengthy prison terms.

Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

DATA SECURITY BREACHES: “WE DON’T CARE, WE DON’T HAVE TO”

In Bureaucracy, Business, History, Law, Politics, Social commentary on February 9, 2015 at 2:06 am

Comedian Lily Tomlin rose to fame on the 1960s comedy hit, Rowan & Martin’s Laugh-In, as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.

She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives.  And her victims included celebrities as much as run-of-the-mill customers.

Lily Tomlin as Ernestine

She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”

But perhaps the line for which her character is best remembered was: “We don’t care. We don’t have to. We’re the phone company.”

Watching Ernestine on Laugh-In was a blast for millions of TV viewers.  But facing such corporate arrogance in real-life is no laughing matter.

Clearly, too many companies take the same attitude as Ernestine: “We don’t care.  We don’t have to.”

This is especially true for companies that are supposed to safeguard their customers’ most sensitive information–such as their credit card numbers, addresses, emails and phone numbers.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

October, 2014 proved a bad month for credit card-using customers of Kmart, Staples and Dairy Queen.

All these corporations reported data breeches involving the theft of credit card numbers of countless numbers of customers.

Earlier breaches had hit Target, Home Depot and JPMorgan/Chase.

And on February 5, 2015, health insurance giant Anthem Inc. announced that hackers had breached its computer system and accessed the medical records of tens of millions of its customers and employees.

Anthem, the nation’s second-largest health insurer, said the infiltrated database held records on up to 80 million people.

Among the customers’ information accessed:

  • Names
  • Birthdates
  • Social Security numbers
  • Member ID numbers
  • Addresses
  • Phone numbers
  • Email addresses and
  • Employment information.

Some of the customer data may also include details on their income.

Click here: Anthem hack exposes data on 80 million; experts warn of identity theft – LA Times

Bad as that news was, worse was to come.

A February 5 story by the Wall Street Journal revealed that Anthem stored the Social Security numbers of 80 million customers without encrypting them.

The company believes that hackers used a stolen employee password to access the database

Anthem’s alleged reason for refusing to encrypt such sensitive data: Doing so would have made it harder for the company’s employees to track health care trends or share data with state and health providers.

Anthem spokeswoman Kristin Binns blamed the data breach on employers and government agencies who “require us to maintain a member’s Social Security number in our systems so that their systems can uniquely identify their members.”

She said that Anthem encrypts personal data when it moves in or out of its database–but not where it  is stored.

This is a commonplace practice in the healthcare industry.

The FBI is now investigating the hack.

According to an anonymous source, the hackers used malware that has been used almost exclusively by Chinese cyberspies.

Naturally, China has denied any wrongdoing.  With a completely straight face, Chinese Foreign Ministry spokesman Hong Lei said:

“We maintain a cooperative, open and secure cyberspace, and we hope that countries around the world will make concerted efforts to that end.”

He also said that the charge that the hackers were Chinese was “groundless.”

Click here: Health Insurer Anthem Didn’t Encrypt Stolen Data – WSJ

Meanwhile, John Herring’s complaints remain as valid today as they did last October.

“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.”  And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“There’s a short-term mindset and denial of convenience in board rooms,” writes Hering.

“Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”

There are three ways corporations can be forced to start behaving responsibly on this issue.

  1. Smart attorneys need to start filing class-action lawsuits against companies that refuse to take steps to protect their customers’ private information.  There is a name for such behavior: Criminal negligence.  And there are laws carrying serious penalties for it.
  2. There must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies–and especially their CEOs–when such data breaches occur.
  3. Congress should enact legislation allowing for the prosecution of CEOs whose companies’ negligence leads to such massive data breaches.  They should be considered as accessories to crime, and, if convicted, sentenced to lengthy prison terms.

Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”

, , , , , , , , , , , , , , , , , , , , , , , ,

“WE DON’T CARE, WE DON’T HAVE TO”

In Bureaucracy, Business, Law, Politics, Social commentary on October 23, 2014 at 2:52 pm

Comedian Lily Tomlin rose to fame on Rowan & Martin’s Laugh-In as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.

She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives.  And her victims included celebrities as much as run-of-the-mill customers.

On one occasion, she called then-FBI Director J. Edgar Hoover, letting him know that “it really takes a Hoover [vacuum cleaner] to dig up the dirt.”

She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”

But perhaps the line for which her character is best remembered was: “We don’t care.  We don’t have to. We’re the phone company.”

Watching Ernestine on Laugh-In was a blast for millions of TV viewers during the mid-1960s and early 70s.  But confronting such corporate arrogance in real-life is no laughing matter.

Clearly, too many companies take the same attitude as Ernestine: “We don’t care.  We don’t have to.”

This is especially true for companies that are supposed to safeguard their customers’ most sensitive information–such as their credit card numbers, addresses, emails and phone numbers.

An October 22 “commentary” published in Forbes magazine raises the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is apparently: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

October proved a bad month for credit card-using customers of Kmart, Staples and Dairy Queen–all of which have reported data breaches involving the theft of credit card numbers.

Earlier breaches had hit Target, Home Depot and JPMorgan/Chase.

“One thing is clear,” writes Hering.  “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.”  And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“There’s a short-term mindset and denial of convenience in board rooms,” writes Hering.

“Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”

Anyone who’s ever watched the operation of an airport luggage carousel has seen this principle in action.

If you’ve checked your luggage, then you need to head for the baggage carousel as  quickly as you can get out of the airplane.

Because if you don’t get there in time to grab your own bag, there’s a good chance that someone else will.

The reason?  There’s no security officer there to make sure that your luggage goes only to you, and not to someone else.

Experienced baggage thieves know this.  So they wait at the luggage carousel for a piece of luggage to go around two or three times.  If no one collects it, they assume the owner isn’t there yet–and make off with it.

Sure, there might not be anything of value in it–from the thief’s viewpoint, anyway.

No diamonds.

No jewels.

No expensive cameras.

For the thief, it’s a setback–but only a minor one.  He simply dumps the luggage and perhaps goes back to the carousel for another shot at finding a bag stuffed with valuables.

But for the traveler-victim, it’s a disaster.

Most–if not all–of his clothes are gone.

Anything personal–such as gifts he was bringing for friends or relatives–is gone.

So are any vitally-needed medications–if he was foolish enough to store these in his suitcase instead of a carry-on bag.

And does the airline care?

Don’t be stupid.

Why should they?  They got your money when you bought the plane ticket.

That’s all they wanted from you.  And the truth is, that’s all they’ve ever wanted from you–even during the “golden age of air travel” before airplanes became “flying buses.”

The skies of United were never so friendly that airlines felt an obligation to ensure that their passengers’ luggage was actually waiting for its rightful owners.

And the same principle–or lack of principle–applies with such companies as banks, department stores and insurance companies that hold the most private information of their customers.

There are two ways corporations can be forced to start behaving responsibly on this issue.

First, some smart attorneys need to start filing class-action lawsuits against companies that don’t take steps to safeguard their customers’ private information.

Second, there must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies–and especially their CEOs–when such data breaches occur.

Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”