Nothing matters any more... Now hapless Equifax bags $7.5m IT contract with US taxmen Shortly after we all learned of a massive security breach at Equifax in which the personal information of 143 million 145.5 million Americans and sundry Brits and Canadians was plundered by hackers, the US Internal Revenue Service awarded Equifax a no-bid contract – to provide identity verification services for the tax authority …
Things probably go back further then that. On your SS ID card it states: Not to be used for identification. So naturally what has every company basically wanted? You SSN of course. I'm thinking it's time for some massive class action suits to be brought against any company collecting SSN's.
"Speaking as a database engineer..."
...and that right there is the key thing. The people wanting this business aren't database engineers, they're businessmen who don't care about the deliverable. They care that they can get paid tons of cash for a project, knowing that they can find some underpaid schmucks to (attempt to) get it done, and knowing that there are no real consequences for failure.
Coming to think about it, maybe that's why so few database engineers are millionaires compared to conmen-in-suits
"Think about it: would you take it?"
Would I take $7M for a job? Hell yeah! We've got antivirus on every computer and the D-Link firewall keeps hackers away. And the new intern at accounting seems to know something about computers too. We're covered.
And if there's a security fail? It's a rap on the knuckles, the intern will be fired, and I would sadly need to retire with millions in my pocket.
Next question, please.
$$$$$$$$$$$$$$$$$$$$$
In other news, self-serving US politicians have taken yet another another bung to shore-up the flagging credibility of yet another criminally incompetent US corporation.... at the expense of the people they "represent". Film at 11.
Oh.. wait.. is that the same story?.. Health industry, oil industry, insurance industry, junk-"food" industry, gun industry, finance industry... so hard to keep track...
"We don't care that we're making decisions based on data gathered questionably, stored insecurely and demonstrably accessed by criminals."
The Income Reduction Service demonstrating once again the sort of breathtaking arrogance, contempt and lazy incompetence that goes hand in hand with giving any bureaucracy "guilty until proven innocent" powers.
I'm hampered left and right by restrictive data access policies such as HIP(P)AA and I know those of you in EuroLand have your own set of onerous restrictions.
All of our hard work trying to mask individuals is just a laughing stock to the lords and masters.
Let's just put everything up on pastebin or whatever is current and we don't have to worry about privacy regulations any more. Names, addresses, various tax IDs, spouses, children, incomes made and reported, ownerships, mistresses and misters.
I really think a nice little 5,000,000,000+ DB would help my efforts to match patients and illnesses very nicely.
Oh, and start the seeding of this magnificent DB with the personal info from every ruling class in every country. Even the puppet regimes like Trumpland.
If we can't have a corporate death penalty (i.e. fines large enough to bankrupt a corporation) for even the most serious misdeeds, could we at least have a penalty where a corporation was forced to issue new shares up to, say, hundred times of its current stock to be sold on a public stock exchange over time with the proceeds going in the public purse. To clarify: the intent is to allow regulators / courts to punish the shareholders of a corporation by wiping out the value of their holdings to a degree proportional to the offense thereby creating an incentive to force proper behavior on the board and top management.
Smith blamed the entire hack on a single staffer who knew about a flaw in Apache Struts that the hackers exploited to break in but who didn’t insist the IT department patch to protect systems.
After the culprit has been so clearly identified, I hope we are looking at a bit of tongue-ripping and burning at the stake. It would only be just.
It's clearly not right to blame a single "staffer", after all he could have been on holiday, but equally not necessarily fair to blame the CEO. Somewhere there will be a CTO/software development manager who should have been ensuring that they had a working security regime.
... and somewhere, not a million miles from right in front of everyone, there is an (ex)CEO who should have been ensuring that they had a working CTO. If you're going to get paid 1000x more than people at the coal face then that comes with 1000x the personal responsibility. Heroic rewards can only be justified by heroic effort. If you don't fancy 120 hour working weeks with one vacation per decade then don't sign up for the job.
the CEO carries the can, its there responsibility to ensure that the right checks and balances are in place and the right people are there with the right skills.
Thats why they get remunerated the big Bucks
As to the contract, how can you sinigle source a $7.5m contract, Experian have a competative solution and I'm sure TransUnion do too.
A fuck up at this level is more than just one person.
Where was the policy failure? Who failed to follow up that the job was done? Who wasn't reading tech news? Who had the authority to make sure this was a priority but didn't?
The real responsibility, and guilt, is further up the ladder.
Blaming the low man on the pole who has no authority to take unilateral action, is as old as the hills, but still utter bullshit.
I’m afraid you’re right. We’re at the end of days. I just hope to survive with my wife in some degree of comfort until we can get ourselves out to Dignitas before the pollution reinforced dementia or cancer gets us both.
We decided not to have children - this is not the right world to bring children into, as the true and basic rights of individuals have long been eclipsed by the grasping demands of consumerism and capitalism; and honest debate by the hoarse shouting of empty entitlement. The swamp can’t be drained because there is nowhere left to drain it into.
Better that the human race slides slowly and quietly into extinction, rather than through disease or war, but I’m not holding my breath. We’ve had our turn. We failed. Let nature roll the dice and give a better species a chance.
Read Darwin. "Survival of the Fittest" (best adapted) means there is are no such thing as "rights" in existential terms. Individuals and species have the power to survive or they don't. War, genocide, exploitation, murder, rape and slavery are tactics evaluated solely in terms of effectiveness in ensuring genetic continuity. A species would only be "better" than us if it had the capability to appropriate the resources we consume for itself - i.e. it would need a greater propensity for genocide than us.
In terms of human society rights and morals obviously exist, but it is an (arrogant) error to project that anthropocentric echo chamber onto "life" in general. The Human species will survive precisely because it is vicious, deadly and intelligent. That's very probably why we are the only apex predators with no other members in the same Genus - Neanderthals and Denisovans just weren't lethal enough to survive.
This is the right world to bring children into - as it is the only one we have available at the moment. If you watch the news all the time then yes it is all doom and gloom but the real world around you isn't like that. So much beauty all around us, so many creative people near and far.
Rights are only another human construct and whilst they may have been eclipsed by other human constructs that doesn't mean they are forgotten - they are something to aspire to and fight for. That aspiration is part of the human condition and just as things look bleak at the moment doesn't mean they will be bleak for the next generation or the generation after that.
Work started on York Minster Cathedral in the year 1220 and it was finally completed 1472 - sometimes building something worthwhile means seeing beyond the problems of the day.
Work started on York Minster Cathedral in the year 1220 and it was finally completed 1472 -
Since you picked that example, it is maybe appropriate to consider one of the reasons it took that long: the black death. Scoot back to 1350 and watching the news will bring you doom and gloom about roughly half the population of Europe being exterminated over the course of 5 years. Nothing in modern times comes even remotely close. Add both World Wars together and you get a body count in the same ball park, but given the greater population the mortality percentages are vastly lower.
What effect did death and destruction on that unimaginable scale have on the survival of humanity? None. It probably beefed up average immune system efficiency a bit and it certainly undermined the feudal system, but overall it wasn't even a scratch. Even the Cathedral eventually got finished.
Work started on York Minster Cathedral in the year 1220 and it was finally completed 1472...
We are now far too-short term and self-absorbed to ever complete long projects like this. Nowadays 5 years is considered unacceptable. We’ve lost our patience, we’ve lost the ability to engage and be part of something greater. We are spiritually bereft, and we will suffer for it. We are suffering for it. I feel desperately sorry for future generations.
'On Tuesday, Equifax's former CEO Richard Smith faced a mild grilling from American politicians over the company's woeful handling of the database breach. Smith blamed the entire hack on a single staffer who knew about a flaw in Apache Struts that the hackers exploited to break in but who didn’t insist the IT department patch to protect systems.'
A single staffer who didn't insist the patch was installed?!? Why would it be up to one person to insist a patch is installed?
Did you not have a policy for updates to be tested and installed?
Did you not have pen testing?
but to appoint someone if they were far down the procurement route already which they likely were. If they'd put a stop on it they could have faced a challenge in the court running into millions of dollars. Just a thought from someone who's done a few of these in blighty and knows how p!ssed and litigious companies can get when they feel they've lost out on money they never had..
Fantasy: What if the Equifax breech was actually only honey-pot data, faked and tagged to entrap crims. If they really were identity experts, wouldn't they be smart enough to pull this off? Oh, but the industry still uses social security numbers (which was never supposed to be the case)--so none of them could actually be that smart. Oh well; back to this miserable reality.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
