Re: 47MIl? not enough
Nor is the fine going to the right people or people at all for that matter...
The company formerly known as Yahoo! is close to settling cases related to the mammoth data security breach it covered up almost four years ago at a cost of around $47m. In its latest SEC filing, Altaba, as Yahoo is now known, said various legal actions spawned by the 2014 attack were nearly resolved. Yahoo! execs knew that …
This post has been deleted by its author
I've worked with many clients that will just pay the fine each time rather than actually fixing anything.
One insurance client was particularly egregious about it. They split the company into 3 pieces: The top organization the name, equipment, liabilities for underwriting policies, etc. A middle, regional layer that held the actual customer data. Then the bottom layer was the 'independent clubs' that actually interacted with the customer and handled the day-to-day stuff. The local 'clubs' would license logos and trademarked items from the upper company then contract through the middle layer for IT services and resell the middle company's insurance policies (underwritten by the top org).
It was designed this way so that the middle organization could be run as cheaply as possible and just pay fines for not complying with SOx, PCI/DSS, etc until they got shut down by the Feds. At that point they company would be liquidated, and assets (insurance polices, customer data) sold to a new organization that has just started up the day before and be staffed by all the former workers of the old company using the same equipment and same buildings as before. So essentially, they just change the logos and slightly change the name of the middle organization, and since the clubs are using the upper company's name and logos, no one outside the scheme even notice this change. So they get to keep on making massive profits while not doing a damned thing to actually protect customer data.
Oh.. it will... But I'd bet the remains of Yahoo! will be about the last to hit that particular stage, given that its footprint in Europe has always been negligible at best.
Now if you're talking Alphabet, Microsoft, Amazon, several bank and insurance conglomerates .... Only a matter of time...
Am I totally out of touch never having heard of "Altaba" before today?
Are they trying to confuse us with the names of successful companies? If it's not Alibaba, must be Alphabet. No, it's not Alphabet, must be Alibaba. Oh, erm, Alright, nevermind, Al-wossname, must be google ... erm ... wot woz the Chinese google again ... erm ...
Based on the number of affected users, it seems cover-up fines can be quite affordable.
Verizon paid 4.48 billion to own information potentially made public for just 47 mill.
The new owners should demand the fine to be made larger, just to save face.
Biting the hand that feeds IT © 1998–2020