Wednesday, 15 November 2017

SNJ: T-1912 | “Equifax, Yahoo Fail To Answer The Most Basic Questions During Senate Hearing” | Author: Zack Whittaker | Publisher: Zero Day - ZDNet | #SmitaNairJain


Equifax, Yahoo fail to answer the most basic questions during Senate hearing

Senators were left frustrated as Yahoo didn't know how it was hacked, and Equifax still didn't know who.




Former Yahoo chief executive Marissa Mayer. (Image: pool photo)
Former Yahoo and Equifax bosses stumbled through a Wednesday hearing before the Senate Commerce Committee without answering basic questions about their respective massive data breaches, much to the chagrin of questioning lawmakers.

Marissa Mayer, who led Yahoo until she left earlier this year with a $260 million payout after the web giant was bought by Verizon, wasn't able to tell senators how hackers were able to steal the company's entire store of three billion user accounts during a breach in 2013. Yahoo disclosed the hack last year, after initially saying only one billion accounts were stolen. She also wasn't able to say who was to blame for the attack, or why it took three years to learn of the breach.

What makes the Yahoo affair more confusing is that months before the disclosure, the company admitted it had been hacked in an entirely separate breach from 2014, in which 500 million user accounts were stolen. Mayer recast blame on Russian hackers for the 2014 breach. Justice Department prosecutors filed charges against four Russians, including two intelligence officials and two other hackers.

But while Mayer lacked answers, she countered with contrition. "As CEO, these thefts occurred during my tenure," said Mayer, during her opening remarks. "I want to sincerely apologize to each and every one of our users."
Sen. Brian Schatz (D-HI) was less than forgiving, saying that it was "unfathomable" Mayer walked away with a payout that amounts to what a "small city" uses for its annual operating budget.

Richard Smith, meanwhile, who retired earlier this year after the catastrophic data breach at credit agency Equifax, which affected more than 145 million Americans, couldn't tell senators who was behind the attack.
The company lost control of social security numbers, birth dates, home addresses, and in some cases, driving license information, as well as hundreds of thousands of credit card numbers and other personally identifiable information.

Not only did the company draw ire for taking six weeks to inform its customers of the breach, senior executives also took flak for selling millions of dollars' worth of stock before notifying the public. An internal company committee later cleared the executives of any wrongdoing.

But chief among the complaints was that the company failed to fix a flaw that gave the hackers access to the company's systems in the first place. The company said in September that it knew that hackers exploited a vulnerability in its website, citing a known vulnerability in Apache Struts, a popular web server software. The bug had been patched earlier in March, but Smith said the patches hadn't been installed on its servers.

Sen. Gary Peters (D-MI) said that experts he spoke to said the breach was "not a sophisticated attack," and criticized the company for the oversight. "I can't think of a clear definition of gross negligence," said Peters. "You don't take the precautions when a [vulnerability] roadmap has been put out?"

Equifax's interim chief executive Paulino Barros said that the company now spends four times as much on cybersecurity as it did prior to the breach.

ABOUT THE AUTHOR

Zack Whittaker

Writer-editor

Zack Whittaker is the security editor for ZDNet. You can send tips securely via Signal and WhatsApp to 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.  
Publisher: Technology News, Analysis, Comments and Product Reviews for IT Professionals | ZDNet