They have failure across the board in their Infosec practices:
*) not splitting their databases, thus requiring multiple databases to be compromised in order to build any kind of relevant info set
*) not having a patch policy
*) not ensuring that default passwords are not changed
Hard to believe this is the company enabled to hold all of our most private data… I am already getting phishing phone calls from random 1-800 numbers talking about ominous “security breaches” and asking me to call back
I wonder how many government agencies are allegedly regulating them? I’m sure this will lead to the creation of yet another government agency to protect us.
Execs dumped stock after the company learned of the breach, but before it was announced to the public. That’s the definition of insider trading. They are claiming they didn’t know, but the sales weren’t prearranged.