Category Archives: Vendors

Equifax and SEC Hacks

A lot in the news of late about the hacks at Equifax and the SEC.

“SEC Discloses Edgar Corporate Filing System Was Hacked in 2016,” The Wall Street Journal, September 21, 2017 A1.

“Equifax Hackers Spied for Months,” The Wall Street Journal, September 21, 2017 A1.

“Equifax Board Weighs Clawbacks,” The Wall Street Journal, September 30, 2017 B3.  How many years’ compensation will be affected?

“Equifax Lawyer in Hot Seat,” The Wall Street Journal, October 2, 2017 A1.  Chief legal officer probed for clearing stock sales after executives knew, but no one else did, about the hack.

“Equifax Ex-CEO Lays Out Lapses,” The Wall Street Journal, October 3, 2017 B1.  Staffers blamed for not reacting to public warning.

“Lawmakers Slam the Ex-CEO Of Equifax,” The Wall Street Journal, October 4, 2017 B1.  He and others “weren’t aware of the significance of the company’s data breach ….” “[A]n employee failed to notify other staff to patch the software ….”  For want of a nail ….

“Senators Rap Credit-Reporting Model,” The Wall Street Journal, October 5, 2017 B1.  “[W]hy consumers shouldn’t have power over the data [credit companies] collect on them”?

“Lawmaker Asks SEC To Delay Trade Log,” The Wall Street Journal, October 5, 2017 B12.  Head of House Financial Services Committee pressures SEC to delay release of trading database following hack of SEC systems. Can you have too much information?

“Equifax Timeline Criticized,” The Wall Street Journal, October 6, 2017 B10.  How long did Equifax sit on news of the hack before alerting the Board, the market and the Feds?  Is five weeks too long?  Executives selling stock in that window will be investigated.  Three weeks before he informed the Board.

“After Breach, SSN Reliance Is Criticized,” The Wall Street Journal, October 7, 2017 A4.  One reaction to the Equifax hack is a move to find a replacement for Social Security Numbers.

“Index Firm Flagged Equifax for Security,” The Wall Street Journal, October 7, 2017 B9.  Company warned about Equifax data security flaws in August 2016.

“Equifax Probes Possible New Breach,” The Wall Street Journal, October 13, 2017 B1.  A code installed on Equifax’s website by a vendor “serve[s] ‘malicious content’ to consumers.”  Just when you thought it was safe to go back in the water again.

“GOP Bill Would Boost Checks on Credit Firms,” The Wall Street Journal, October 13, 2017 B10.  The horse having left the barn, the government wants to exercise more oversight.


Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Governance, Inform market, Inform shareholders, Information, Internal controls, Investor relations, IT, Oversight, Oversight, Protect assets, Protect information assets, Security, Value, Vendors

More military hacks

“Australia Hack Nets Data on U.S. Arms,” The Wall Street Journal, October 13, 2017 A6.  Hacker hacks a defense contractor’s computers and carries off “commercially sensitive data on sophisticated U.S. weapons systems.”  The ease of the hack is mind-boggling.

Is there a common scheme here?  Or otherwise solve this equation for X.


Filed under Access, Controls, Corporation, Duty, Governance, Government, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Vendors

Kobe Steel

Not Kobe beef.

“Suspect Metal Rattles Car Makers,” The Wall Street Journal, October 12, 2017 B1.  A supplier (Kobe Steel) falsifies some of its product-quality paperwork.  Result:  manufacturers of planes, trains, and cars (and others) need to check that the faulty material doesn’t compromise safety.

How valuable is the information you get from your vendors?  How accurate is it?  Do you verify?

Filed under Data quality, Information, Use, Value, Governance, Duty of Care, Controls, Third parties, Internal controls, Compliance, Oversight, Duty, Vendors, Accuracy, Corporation

Internet woes

“Internet Connection Enabled Seoul Hack,” The Wall Street Journal, October 12, 2017 A12.  Use of third-party Korean cyber-security software led to a problem when a military network was connected to the internet.  The hackers first attacked the software firm, which also sold to the South Korean military.  The connection to the internet was enabled through a missed connector jack left behind after routine maintenance.

Remind you of the Target point-of-sale hack?  Watch out for your vendors and the connections to the outside world?


Filed under Controls, Duty, Governance, Government, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Value, Vendors

Change management

“Russia Modifies Software to Spy,” The Wall Street Journal, October 12, 2017 A1.  The Russian software used by the NSA for virus protection had been modified to “scan computers around the world for classified U.S. government documents ….”

Who are your vendors?  How much should you trust them?


Filed under Access, Controls, Duty, Duty of Care, Governance, Government, Information, Interconnections, Internal controls, IT, Oversight, Ownership, Protect assets, Security, Third parties, Value, Vendors

Can these folks at least shoot straight?

“Firm Faces Scrutiny Following NSA Hack,” The Wall Street Journal, October 7, 2017 A4.  The NSA may have been hacked through their use of the Kaspersky antivirus program.  Really.  NSA uses Russian software for virus protection.

If the NSA has these problems, what’s a lay citizen supposed to do?  Not just the contractors you hire (remember Booz Allen (Snowden and others)?  How about Reality Winner, on June 6, 2017?), but the vendors you use.

Where’s PC-Matic when you need it? (Not an endorsement)


Filed under Access, Controls, Duty, Governance, Government, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Vendors

The Hack of All Hacks

The Yahoo hack may have affected 1.5 billion customers.  But in terms of targeted hacks, OPM was pretty big.  There’s a new contender for the Hack of Hacks.

“Equifax Reveals Huge Breach,” The Wall Street Journal, September 8, 2017 A1.  The records (name, address, Social Security number, birth date, etc.) of 143 million US consumers at the credit reporting company have been hacked. That’s roughly half the US.  And they sat on it for a while (since they discovered it on July 29).

Will this fundamentally change the landscape?  Will we see EU-level privacy controls in the US?  Will the directors of Equifax face personal liability for not ensuring the information was protected?  How can you protect your Social Security Number five years from now?  How will credit decisions be made in the future?

Filed under Access, Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, IT, Oversight, Oversight, Privacy, Protect assets, Protect information assets, Risk Assessment, Security, Supervision, Value, Vendors