Former Equifax chief apologizes to Congress over hack

WASHINGTON (Reuters) – The former head of Equifax Inc (EFX.N) apologized repeatedly on Tuesday at a congressional hearing for the theft of millions of people’s personal data in a hacking breach, saying it took weeks for the credit bureau to understand the extent of the intrusion.

Richard Smith retired last week but the 57-year-old executive led the company over the time of the hack, which Equifax acknowledged in early September.

Late on Monday, Equifax said an independent review had increased the estimate of potentially affected U.S. consumers by 2.5 million to 145.5 million.

In March, the U.S. Department of Homeland Security alerted Equifax to an online gap in security but the company did nothing, said Smith.

“The vulnerability remained in an Equifax web application much longer than it should have,” Smith said. “I am here today to apologize to the American people myself.”

Equifax keeps a trove of consumer data for banks and other creditors who want to know whether a customer is likely to default.

Former Republican Senator Saxby Chambliss checks his watch as he and City of Pasadena Councilmember Steve Madison stand with Richard Smith, former chairman and CEO of Equifax Inc., prior to Smith’s testimony before House Energy and Commerce hearing on “Oversight of the Equifax Data Breach: Answers for Consumers” on Capitol Hill in Washington, U.S., October 3, 2017. REUTERS/Kevin Lamarque

Smith said both technology and human error opened the company’s system to the cyber hack, which has been a calamity for Equifax, costing it about a quarter of its stock market value and leading several top executives to depart.

A company employee failed to tell the information team a software vulnerability that hackers could exploit should be fixed, Smith said. Then, a later system scan did not uncover the weak point.

Slideshow (3 Images)

Smith said he was notified on July 31 that “suspicious activity had occurred,” after security personnel had already disabled the web application and shut down the hacking. He said he only learned in the middle of August the scope of the stolen data.

On Aug. 2, the company alerted the Federal Bureau of Investigation and retained a law firm and consulting firm to provide advice. Smith notified the board’s lead director on Aug. 22.

That timing could help lift suspicions that three executives who sold stock on the first two days of August illegally used insider knowledge of the hack. Smith said the three “honorable men” did not know about the breach at that time.

Smith deferred to the FBI on questions of whether the hack had been sponsored by a nation-state.

“It’s possible,” he said when asked if the hackers were from another country.

Writing by Lisa Lambert and Patrick Rucker; Editing by Clive McKeef and Bill Rigby

Our Standards:The Thomson Reuters Trust Principles.

Tech

IDG Contributor Network: Catching up with Adaptive Insights and ruminating over the future

I’ve written in the past about Adaptive Insights, a Silicon Valley-based company in the corporate performance management (CPM) space.

CPM is a term that describes vendors who help organizations plan and model in order to get better insights over future organizational performance. Since I last caught up with the company, they have enjoyed 30% annual growth and now have 3,500 global customers spread across all the different financial/ERP products — from Xero at the smaller end of town all the way up to SAP.

To read this article in full or to leave a comment, please click here

Computerworld Cloud Computing

Oracle settles with ex-worker over alleged fiddling of cloud accounts

Oracle has informed a federal court that it is settling a lawsuit in which a former employee had charged that she had been terminated from her job for refusing to go along with accounting principles that she did not consider lawful.

In a joint submission Wednesday to the U.S. District Court for the Northern District of California, lawyers for Oracle and the former employee, Svetlana Blackburn, asked to vacate a case management conference scheduled for Thursday, while submitting a notice of settlement to notify the court “that the lawsuit has been settled in principle, and to request thirty (30) days in which to file a dismissal.”

The lawsuit had drawn interest amid concern that companies could be dressing up their cloud revenue in a highly competitive environment. Gartner, for example, warned in December 2015, that “assessing vendor cloud revenue claims has become more challenging, with many vendors’ IT-related businesses being complicated and nuanced.”

To read this article in full or to leave a comment, please click here

Computerworld Cloud Computing

Oracle settles with ex-worker over alleged fiddling of cloud accounts

Oracle has informed a federal court that it is settling a lawsuit in which a former employee had charged that she had been terminated from her job for refusing to go along with accounting principles that she did not consider lawful.

In a joint submission Wednesday to the U.S. District Court for the Northern District of California, lawyers for Oracle and the former employee, Svetlana Blackburn, asked to vacate a case management conference scheduled for Thursday, while submitting a notice of settlement to notify the court “that the lawsuit has been settled in principle, and to request thirty (30) days in which to file a dismissal.”

The lawsuit had drawn interest amid concern that companies could be dressing up their cloud revenue in a highly competitive environment. Gartner, for example, warned in December 2015, that “assessing vendor cloud revenue claims has become more challenging, with many vendors’ IT-related businesses being complicated and nuanced.”

To read this article in full or to leave a comment, please click here

Computerworld Cloud Computing

Oracle settles with ex-worker over alleged fiddling of cloud accounts

Oracle has informed a federal court that it is settling a lawsuit in which a former employee had charged that she had been terminated from her job for refusing to go along with accounting principles that she did not consider lawful.

In a joint submission Wednesday to the U.S. District Court for the Northern District of California, lawyers for Oracle and the former employee, Svetlana Blackburn, asked to vacate a case management conference scheduled for Thursday, while submitting a notice of settlement to notify the court “that the lawsuit has been settled in principle, and to request thirty (30) days in which to file a dismissal.”

The lawsuit had drawn interest amid concern that companies could be dressing up their cloud revenue in a highly competitive environment. Gartner, for example, warned in December 2015, that “assessing vendor cloud revenue claims has become more challenging, with many vendors’ IT-related businesses being complicated and nuanced.”

To read this article in full or to leave a comment, please click here

Computerworld Cloud Computing

Microsoft’s standing to sue over secret US data requests in question

Microsoft’s lawsuit objecting to the indiscriminate use by U.S. law enforcement of orders that demand user data without the opportunity to inform the customer may run into questions about the software giant’s standing to raise the issue on behalf of its customers.

A government motion to dismiss Microsoft’s complaint comes up for oral arguments Monday and significantly the judge said on Thursday that the issue of whether Fourth Amendment rights are personal or can be “vicariously” asserted by third-parties on behalf of their customers would have to be addressed by both sides. The Fourth Amendment to the U.S. Constitution prohibits unreasonable searches and seizure of property.

To read this article in full or to leave a comment, please click here

CIO Cloud Computing

Microsoft’s standing to sue over secret US data requests in question

Microsoft’s lawsuit objecting to the indiscriminate use by U.S. law enforcement of orders that demand user data without the opportunity to inform the customer may run into questions about the software giant’s standing to raise the issue on behalf of its customers.

A government motion to dismiss Microsoft’s complaint comes up for oral arguments Monday and significantly the judge said on Thursday that the issue of whether Fourth Amendment rights are personal or can be “vicariously” asserted by third-parties on behalf of their customers would have to be addressed by both sides. The Fourth Amendment to the U.S. Constitution prohibits unreasonable searches and seizure of property.

To read this article in full or to leave a comment, please click here

InfoWorld Cloud Computing

EU prepares to raise Privacy Shield over data transfers to U.S.

European Union officials are set to give final approval to a new EU-U.S. data transfer agreement early next week, after member states gave their approval to an updated text on Friday.

Privacy Shield is intended to replace the Safe Harbor Agreement as a means to legalize the transfer of EU citizens’ personal information to the U.S. while still respecting EU privacy laws.

A new deal is needed because the Court of Justice of the EU invalidated the Safe Harbor Agreement last October, concerned that it provided Europeans with insufficient protection from state surveillance when companies exported their personal data to the U.S. for processing.

To read this article in full or to leave a comment, please click here

Computerworld Cloud Computing

EU prepares to raise Privacy Shield over data transfers to U.S.

European Union officials are set to give final approval to a new EU-U.S. data transfer agreement early next week, after member states gave their approval to an updated text on Friday.

Privacy Shield is intended to replace the Safe Harbor Agreement as a means to legalize the transfer of EU citizens’ personal information to the U.S. while still respecting EU privacy laws.

A new deal is needed because the Court of Justice of the EU invalidated the Safe Harbor Agreement last October, concerned that it provided Europeans with insufficient protection from state surveillance when companies exported their personal data to the U.S. for processing.

The first draft of Privacy Shield agreement presented by the European Commission in January lacked key assurances from U.S. officials on the same matters that had concerned the CJEU about Safe Harbor.

To read this article in full or to leave a comment, please click here

Network World Cloud Computing

Microsoft sues US government over secret requests for user data

Microsoft has sued the U.S. government in an attempt to strike down a law allowing judges to gag tech companies when law enforcement agencies want access to their users’ data.

The lawsuit, filed Thursday in the U.S. District Court for the Western District of Washington, argues that a section of the Electronic Communications Privacy Act is unconstitutional for requiring tech companies to keep requests for data under wraps. 

Microsoft argued the law is unconstitutional under the First Amendment, by limiting the company’s freedom of speech, as well as under the Fourth Amendment’s due process protections. 

To read this article in full or to leave a comment, please click here

Network World Cloud Computing

Asus settles charges over insecure routers and cloud services

Critical security flaws in routers and cloud computing services offered by Asus put hundreds of thousands of customers at risk, the U.S. Federal Trade Commission has charged.

Taiwan-based Asus has agreed to settle an FTC complaint that it failed to take reasonable steps to secure the software on its routers, the agency said Tuesday. 

In addition to well-documented vulnerabilities in the routers, its cloud services led to thousands of customers’ storage devices being compromised and exposed their personal information, the agency said.

To read this article in full or to leave a comment, please click here

CIO Cloud Computing

Asus settles charges over insecure routers and cloud services

Critical security flaws in routers and cloud computing services offered by Asus put hundreds of thousands of customers at risk, the U.S. Federal Trade Commission has charged.

Taiwan-based Asus has agreed to settle an FTC complaint that it failed to take reasonable steps to secure the software on its routers, the agency said Tuesday. 

In addition to well-documented vulnerabilities in the routers, its cloud services led to thousands of customers’ storage devices being compromised and exposed their personal information, the agency said.

To read this article in full or to leave a comment, please click here

Network World Cloud Computing

Dell expanding in China with $125B investment over five years

Dell plans to invest US$ 125 billion over the next five years in China, the company’s second largest market outside the U.S.

The computers and IT services company is also collaborating with the state-controlled Chinese Academy of Sciences to set up an “Artificial Intelligence and Advanced Computing Joint-Lab,” and is expanding its own research and development team in the country to focus on technologies aimed at the Chinese market.

The company already employs nearly 2,000 senior engineers in its research and development team in the country.

Like many other U.S. technology companies, Dell appears to be making these investments in the country to win over large local government and private business.

To read this article in full or to leave a comment, please click here

Network World Cloud Computing