Submitted via IRC for Fnord666_
In a continued effort to pass on any responsibility for the largest data breach in American history, Equifax's recently departed CEO is blaming it all on a single person who failed to deploy a patch.
Hackers exposed the Social Security numbers, drivers licenses and other sensitive info of 143 million Americans earlier this summer by exploiting a vulnerability in Apache's Struts software, according to testimony heard today from former CEO Richard Smith. However, a patch for that vulnerability had been available for months before the breach occurred.
Now several top Equifax execs are being taken to task for failing to protect the information of millions of U.S. citizens. In a live stream before the Digital Commerce and Consumer Protection subcommittee of the House Energy and Commerce committee, Smith testified the Struts vulnerability had been discussed when it was first announced by CERT on March 8th.
Smith said when he started with Equifax 12 years ago there was no one in cybersecurity. The company has poured a quarter of a billion dollars into cybersecurity in the last three years and today boasts a 225 person team.
However, Smith had an interesting explainer for how this easy fix slipped by 225 people's notice — one person didn't do their job.
"The human error was that the individual who's responsible for communicating in the organization to apply the patch, did not," Smith, who did not name this individual, told the committee.
(Score: 5, Informative) by Anonymous Coward on Monday October 09 2017, @09:28AM (10 children)
If you have over 200 people and still it is possible for one person to fuck up the whole thing, you really have to re-evaluate your process diagrams!!
"trust but verify"
This is nothing but a CEO covering his ass. Criminal negligence on part of the execs and perhaps negligence on part of the one guy as well.
(Score: 0) by Anonymous Coward on Monday October 09 2017, @10:25AM
Not just 1 person, but a person who's job remit included forwarding emails.
I.e. a secretarial assistant.
You can't get the minimum wage staff these days. That's why the company failed.
(Score: 5, Touché) by zocalo on Monday October 09 2017, @11:01AM (2 children)
None of which absolves Richard Smith from *his* responsibility as CEO to make sure that the CIO and other C-level staff were doing their jobs, of course. Something he apparently completely failed to do by his own admission to Congress where he stated that he did not request any update on the matter for several weeks, by which point it was already too late.
UNIX? They're not even circumcised! Savages!
(Score: 2) by Gaaark on Monday October 09 2017, @04:04PM
Yes, it is the Captain's...errr the CEO's responsibility. Just ask Kirk.
Aside, maybe they left Jenn Barber in charge, while Roy and Moss were busy playing "catch the golf ball in your mouth" in their (under)pants.
Just wondering...
Sounds like Richard Smith is one of those CEO's who yell at their computer because he's told there is speech recognition/voice activation software on it, lol.
"Hello computer... computer... hello... HEllo.... HELLO computer.... HELLO!... HELLO!!... COMPUTER!! HELLO!!!"
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Monday October 09 2017, @05:02PM
How dare you throw a cisgendered woman, a superior being, under the bus! This is why there are no cisfemale programmers! See how horrible you misogynerds are!
Haha.... It sounds like Ms. Mauldin ran her department exactly the same way the women here do. It's always just one person at fault. That one person gets fired. Then after a year or so, shit hits the fan all over again, and yet again, it's this one person who fucked up! All their fault! Fire them! Then after a year... well, you get the picture.
Process? Procedure? QA? A second set of eyes, at least, for the important stuff? What the fuck is that? That just stupid crap that assigned males do, and we know how awful those inferior, incomplete beings are.
Next stop: now if only the IT department had been 100% womyn-born-womyn, then, obviously, it wouldn't have happened, because, as superior and complete beings, womyn-born-womyn are infallible!
(Score: 5, Insightful) by TheRaven on Monday October 09 2017, @11:13AM (5 children)
sudo mod me up
(Score: 5, Insightful) by isostatic on Monday October 09 2017, @11:47AM (2 children)
If one person can screw up and accidentally destroy your company, imagine what 1 person who's out to actually do harm can do.
(Score: 2) by Gaaark on Monday October 09 2017, @04:09PM (1 child)
"Equifax did not say in its statement what retirement packages the executives would receive."
What? No jail time?
REALLLLLLY feck with your customers, put a company into dire financial straits (haven't looked: just assuming) and.....drumroll.....you get a retirement package?
Are they out of 'steel toe up the ass' boots?
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 4, Insightful) by Thexalon on Monday October 09 2017, @06:37PM
This is nothing new. For instance, Carly Fiorina ran HP into the ground, and HP paid her $40 million to go away.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by EvilSS on Monday October 09 2017, @05:55PM (1 child)
(Score: 0) by Anonymous Coward on Monday October 09 2017, @06:50PM
Well, responsible or not, the shareholders are going to get shafted. How about them CxOs?