Hall of Shame

Annoyed by ongoing examples of large companies who should know better demonstrating a fundamental ineptness towards data protection and high availability, I’ve decided to start a Hall of Shame.

On this page I’ll note, over time, awful failures in companies in the realms of data protection and high availability, as they come to hand. There’s a significant reason why I’m calling this page the Hall of Shame – it’s not about average companies who happen to experience a minor data loss event, but rather, about companies who should know better.

Here’s the entries:

• McAfee issued a virus definitions update in April 2010 that caused havoc with systems worldwide after it quarantined a critical Windows system file, causing affected systems to continuously reboot. As CNET stated in their report on 23 April, “How did this problem occur in the first place? The short answer: poor testing.” It’s easy for them to apologise of course, but let’s be frank: the level of disruption this caused to many businesses makes the failure on their part to test adequately inexcusable. It’s not the first time Anti-Virus companies have done this, yet they refuse to learn from their mistakes.
• A suburban school in Philadelphia, who used secretly installed covert monitoring software on school-supplied laptops to randomly snap photos of students in their own homes, without the knowledge of students or teachers. OK, so a school is not something you’d expect to see listed here, since they’re hardly in the business of high availability or data protection as we normally discuss on this site. However, they still belong in the hall of shame for the following reasons:
  • As educators, they had a duty of care to protect the privacy of their students; they failed in this abysmally;
  • It’s highly questionable whether their actions could even be classified as legal – warrantless electronic surveillance is frowned upon in many countries, including the United States;
  • Monitoring student activities out of school hours represents a significant invasion of privacy, and when it comes to monitoring within the homes of the students, it represents a gross invasion of privacy;
  • As it was clear that the surveillance could result in the capturing of nude or other inappropriate images of minors, given the current attitude of many western governments and legal systems, this might reasonably be classified in engaging in child pornography.
• Symantec, one of the world’s leading IT security firms, suffered a serious database breach that revealed a large amount of considerably sensitive customer data in November 2009. (Thanks to Mustafa Özçakir for pointing this one out to me!)
• Microsoft/Danger/T-Mobile for the Sidekick Debacle. A catastrophic data loss event that should never have happened. Proof as well of the dangers of non-local data storage. Happened October 2009.
• Systems failure by IBM outsourcing causes massive failures to Air New Zealand, delaying thousands upon thousands of passengers, taking systems in a highly time-sensitive field down for approximately 5 hours. Happened Sunday 11 October 2009. Money quote comes from the Air New Zealand Chief Executive, “In my 3o-year working career, I am struggling to recall a time where I have seen a supplier so slow to react to a catastrophic system failure such as this and so unwilling to accept responsibility and apologise to its client and its client’s customers.”
• Data breach at The Guardian’s job website, resulting in half a million CV’s being stolen. Data security is another aspect of data protection, and so I feel justified in citing the breach in this Hall of Shame. Presumably happened in October 2009, though reporting when there are police investigations underway is usually a little vague. What makes this so shameful? How about breach of trust and it’s happened to a job website run by a news organisation – and news organisations are constantly exposed to details about data breaches, so you’d think security would be something they’d be well aware of!

Do you know of an event that belongs in the Hall of Shame? If so, let me know.

Share this using...