Category Archives: Oversight

Facebook again. Plus or minus 20 million.

“Facebook Details Data Breach,” The Wall Street Journal, October 13, 2018 B1.  Data exposed between July 2017 and September 2018.  But thankfully only affected 30 million users, not the 50 million users originally feared.  It only took 2 days to stop it after it was discovered.  A flaw in the computer code opened a door.

The decrease in the number of affected users was reported in a blog post.

Does this mean that a defective product was released into commerce?  So who pays how much to whom?


Filed under Compliance (General), Controls, Corporation, Duty, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security, Supervision, Technology

Hiding another ball

“HSBC to Pay $765 Million in U.S. Pact,” The Wall Street Journal, October 10, 2018 B12.  Bank hid the risks of defective mortgages for at least 2 years.  Sold mortgage-backed securities in the meantime.

“Wells Fargo … [paid] $2.09 billion to settle similar claims.”  Four other banks also settled.

Why do we keep our money in banks?  Weren’t they supposed to be safe?  What does it say about the Boards of these companies?  Did the directors screw up?


Filed under Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, Oversight, Protect assets, Supervision, To report

Amazon leak

“Amazon Fires Worker for Leaking Data,” The Wall Street Journal, October 6, 2018 B1. Leaker of customer email addresses fired and may be prosecuted.

Is this a Man-Bites-Dog story, just considering the source?  What did this cost the employee?  What did it cost Amazon?  What damage did it cause to the customers?

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security

Who’s spreading the news?

“Egypt Sends Actress to Jail for ‘Fake News,’” The Wall Street Journal, October 1, 2018 A9. Woman who posted a video on Facebook claiming sexual harassment sentenced to two years in jail.

Publishing fake news with intent of toppling regime.  Egypt has some problems with sexual harassment.  Appeal expected.

Notice that the government prosecuted the woman, and not Facebook.


Filed under Accuracy, Compliance, Compliance (General), Controls, Culture, Data quality, Definition, Duty, Governance, Information, Internal controls, Oversight, Third parties

Facebook again. Again.

“EU May Fine Facebook $1.63 Billion Over Breach,” The Wall Street Journal, October 1, 2018 B1.  The hack of 50 million Facebook users reported earlier may lead to a large fine against Facebook (4 times its annual revenue).  The regulator in Europe has demanded more information.

Impact on stock value not reported.

Filed under Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Governance, Information, Internal controls, Investor relations, IT, Oversight, Protect assets, Security, Value

Inside baseball

“Panel Votes to Release Probe Records,” The Wall Street Journal, September 29, 2018 A3.  House committee votes to release some but not all of the transcripts of testimony given behind closed doors about possible Russian interference in the 2016 elections.

Interesting that, as an interviewee, you have no control over what investigators then do with what you said.  You don’t “own” that.  So, the government “governs” that information, and can ask that it be declassified; you can’t object.  But the government can decline to make some of this public, as they did here (testimony of two members of Congress was not in the interviews to be released). Power is an interesting thing.

And, as the public, you have no “right” to that information unless Congress and various intelligence agencies agree.


Filed under Access, Communications, Controls, Duty, Governance, Government, Information, Internal controls, Oversight, Ownership, Third parties, To report

FB in the news. Again.

“Facebook Hackers Access Nearly 50 Million Accounts,” The Wall Street Journal, September 29, 2018 A1.  Unknown hackers may have gotten access as early as July 2017 by exploiting flaws in the system’s code.  May have taken over your account and gotten to your posts and private messages, and may have the credentials to access other services, like Tinder and Spotify.

Is Facebook responsible for making sure its site is secure?  How did the executive in charge of safety and security miss this?  Does the Board at Facebook have liability?  Facebook no longer has a Chief Security Officer.


Filed under Access, Board, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Oversight, Protect assets, Protect information assets, Security, Technology, Third parties