Thursday, September 14, 2017

Equifax

This is Joseph

Via Kevin Drum, Michael Hilzik of the LA Times has a tough question:
Three Equifax executives sold shares after the discovery of the breach and before its public disclosure, according to Bloomberg. They collected $1.8 million from the sales, which weren’t part of any prearranged option-exercise programs. The sales were made on Aug. 1 and 2, the third and fourth days after the breach was discovered. An Equifax spokeswoman says the executives were unaware of the breach at the time of their sales, but that’s hardly comforting: One was John Gamble, the firm’s chief financial officer. If the firm’s No. 2 executive wasn’t immediately informed about a catastrophic security breach, why not?
This is one of those explanations that actually looks bad, either way.  If the company can't escalate news of a crisis over several days that is a bad, bad sign for their security types.  It also suggests that the senior executives are not aware of optics, as they had weeks, post-sale, to come up with a way to get in front of this news.  If there really was a moment of horror -- my unscheduled sale happened right after a breach nobody told me about -- then they had weeks to craft a thoughtful comment on the bad timing.

Other explanations are less charitable.

In general, the whole way financial stuff is validated in the internet era needs to be re-thought. The move away from personal interaction leads to efficiency, but the use of things like social security numbers as proof of identity is rather silly.  It has the same weakness as birth date -- it never really changes and so once hacked it's permanently compromised.  


No comments:

Post a Comment