Redmond View

Make CEOs and Boards Accountable for Breaches

Nearly two months after Equifax revealed perhaps the worst breach of consumer data to date, more revelations of incompetence emerge, and yet the only ones who pay the price are the customers. Unfortunately, in the case of Equifax, almost everyone could be a customer by virtue of having a Social Security number, a driver's license or a credit report.

In addition to the potential that records of up to 143 million Americans were exposed, it was recently reported that intruders accessed 15 million U.K. records, impacting nearly 700,000 consumers in that country. Anyone sustaining losses stemming from this breach could find it difficult to seek compensation from Equifax, given the fine print that indemnifies the company from such liability, which is why several state attorneys general, the U.S. Department of Justice and the FBI are investigating whether any laws were broken.

While CIO Dave Webb and CSO Susan Mauldin were gone from the company within a week of the Equifax disclosure (bit.ly/2yEjB2D), perhaps the most galling consequence was that CEO Richard Smith "retired" with a $90 million golden parachute two weeks after the tech execs fell on their swords.

Signs of trouble trace back to March 8, when Cisco warned of a security flaw in Apache Struts that was already "being actively exploited." Equifax discovered the intrusion, which had been ongoing since May, on July 29, yet waited more than a month to publicly disclose it.

As Equifax continues to face criticism for its public response to the attack, those responsible are willfully negligent. Perhaps if such negligence became a criminal offense, IT organizations would get the support they need to keep their systems secure. Maybe even routine patching would become universal.

About the Author

Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.
