5 Companies That Had A Rough Week

For the week ending Dec. 20, CRN looks at IT companies that were unfortunate, unsuccessful or just didn't make good decisions.


The Week Ending Dec. 20

Topping this week's roundup of those having a rough week is a former IT administrator at Palo Alto Networks, who along with several friends was charged this week with insider trading.

Also making the list this week are Google for getting a really big tax bill from Australia, Honda’s North American subsidiary for leaving a customer database unsecured, Facebook for having to investigate an unsecured database with data on millions of users, and convenience store chain Wawa for being the victim of malware that stole customer payment card data.

Sponsored post

Not everyone in the IT industry was having a rough go of it this week. For a rundown of companies that made smart decisions, executed savvy strategic moves – or just had good luck – check out this week's Five Companies That Came To Win roundup.

SEC Charges Former Palo Alto Networks IT Administrator With Insider Trading

It was definitely a rough week for a former Palo Alto Networks IT administrator and four other people who were charged by the U.S. Securities and Exchange Commission with participating in a multimillion-dollar insider trading ring.

The SEC charged that Janardhan Nellore, a former IT administrator at cybersecurity tech developer Palo Alto Networks, used his high-level access to the company’s IT systems to obtain confidential information ahead of earnings reports.

Nellore and four friends, who were also charged in the scam, then used that information to trade the company’s securities and make more than $7 million in illegal trading profits. The five carried out the scheme between 2015 and 2018.

Nellore was fired from Palo Alto Networks earlier this year and he was arrested at an airport in May after having purchased one-way tickets to India for himself and his family.

Unsecured Facebook Database Exposes Records Of 267 Million Users

Facebook had some explaining to do this week when a researcher discovered an unsecured online database with the names, phone numbers and Facebook profiles for 267 million Facebook users.

The database, discovered by security researcher Bob Diachenko, was available for about two weeks in an unprotected format and had already been copied to Hacker forums, according to a Forbes report. The fear is that the data is now in the hands of shady telemarketers, spam purveyors and scammers who run phishing campaigns, said a Business Insider report.

Researchers believe the database was actually owned by a criminal enterprise and it’s unclear how they originally obtained the Facebook data.

Most of the people whose names were in the database are from the U.S. The database was taken offline after Diachenko, who traced the database back to Vietnam, contacted the internet service provider that was hosting it.

Honda Database Exposes Records Of 26,000 North American Customers

Facebook wasn’t the only company with unsecured database problems this week. An unsecured database owned by American Honda Motor Co, the North American subsidiary of the Honda Motor Co., was found this week to have exposed data for as many as 26,000 Honda customers, according to a Threatpost story.

The cloud-based database, running on Elasticsearch, contained customer names, email addresses, and phone numbers of vehicle owners, as well as vehicle makes and models, VIN numbers and service information, according to Threatpost.

The open and unprotected database, used as a data-logging and monitoring server for auto telematics services for new customer enrollment, was discovered by security researcher Bob Diachenko on Dec. 11 and appeared to have been exposed for more than a week, accessible to anyone with a web browser.

The database server was shut down on Dec. 13 after Diachenko notified Honda security. Honda has said that no customer financial information was compromised in the incident.

Wawa Convenience Stores Hit With Payment System Malware

And completing a trifecta of data security incidents this week , Wawa Inc., a Wawa, Pa.-based chain of convenience stores and gas stations, acknowledged that malware discovered on the company’s payment processing servers on Dec. 10 stole customer payment card information.

Wawa operates some 850 stores in Pennsylvania, New Jersey, Delaware, Maryland, Virginia and Florida, and the company said the data theft potentially affected all locations.

The company said the security breach was contained Dec. 12. But the malware affected customer payment cards, including credit and debit cards, used at Wawa stores as far back as March 4, 2019.

It’s unknown how many customers may be impacted by the security breach. Wawa is offering to provide affected customers with one year of identity theft protection and credit monitoring at no charge.

Google Pays $330 Million To Settle Australia Tax Dispute

Google agreed this week to cough up AU$481.5 million (about U.S. $330 million) to settle a long-running tax dispute in Australia. The settlement covers a decade’s worth of back taxes from 2008 to 2018, according to a report from The Guardian.

The settlement is the result of Australia’s Multinational Anti-Avoidance Law that imposes taxes on ecommence sales in Australia that were re-routed through territories with more favorable tax rates, The Guardian said.

The settlement is a big win for the Australian Tax Office, which has collected a total of $1.25 billion from giant Internet companies including Apple, Facebook and Microsoft, according to the Guardian.