5 Companies That Had A Rough Week

For the week ending Aug. 23, CRN looks at IT companies that were unfortunate, unsuccessful or just didn't make good decisions.

The Week Ending Aug. 23

Topping this week's roundup of those having a rough week are 23 Texas towns whose IT systems were hit by a well-coordinated ransomware attack.

Also making the "Rough Week" list are Hewlett Packard Enterprise for having to pay $666 million to DXC Technology in an arbitration ruling, CenturyLink for a critical Federal Communications Commission report on last December’s massive service outage, a former Accenture employee who was sued by her former employer, and any registered user of a popular adult content website whose user database was left unsecured.

Not everyone in the IT industry was having a rough go of it this week. For a rundown of companies that made smart decisions, executed savvy strategic moves—or just had good luck—check out this week's 5 Companies That Came To Win roundup.

Texas Towns Hit By Coordinated Ransomware Attack

Twenty-three towns in Texas scrambled this week to recover their municipal IT systems after they were hit by a coordinated ransomware attack on Aug. 16.

All 23 attacks appear to have been launched by a single “threat actor” with the majority of the attacks targeting small local governments.

The Texas state Department of Information Resources (DIR), with assistance from numerous other state and federal agencies including the Federal Emergency Management Agency and the Texas Department of Public Safety’s Computer Information Technology and Electronic Crimes Unit, has been working with the affected towns to bring their systems back online.

The towns hit by the ransomware attack have not been identified. Texas is estimating that the ransomware incident will cost county governments $3.25 million, city governments $2.34 million and educational institutions $1.8 million.

In June the Florida municipalities of Riviera Beach and Lake City were hit by ransomware attacks and the towns agreed to pay hackers $600,000 and $460,000, respectively, in hopes of having their systems restored.

HPE To Pay DXC $666 Million In Spin-In Merger ‘Accounting’ Dispute

Hewlett Packard Enterprise has to pay DXC Technology $666 million as the result of an “accounting” dispute stemming from the 2017 spin-off of HPE’s Enterprise Services unit and its merger with Computer Sciences Corp. to create DXC.

In a filing with the U.S. Securities and Exchange Commission this week, HPE said an arbitration panel had awarded DXC the $666 million, consisting of $631.8 million in damages and $34.3 million in pre-award interest. HPE must also pay post-award interest at an annual rate of 3 percent compounded quarterly until the award is paid.

The award stems from what HPE describes as an “accounting” dispute stemming from the separation and distribution agreement that governed the 2017 spinoff and merger of HPE’s services business.

HPE did say that its ongoing commercial contractual relationship with DXC, under which the global systems integrator purchases significant dollar amounts of products and services from HPE, remains intact.

CenturyLink Hit With Critical FCC Report That Examines Widespread December 2018 Outage

The Federal Communications Commission issued a scathing report this week on the cause and impact of CenturyLink’s massive 37-hour service outage last December that affected 22 million customers across 39 states, crippled the telecommunications company’s broadband internet and VoIP services, and prevented hundreds of 911 emergency calls from going through.

The outage on CenturyLink’s fiber network was caused by equipment failure that was “catastrophically exacerbated by a network configuration error,” the FCC investigation concluded.

“This massive ‘sunny day’ outage was completely unacceptable and impacted millions of customers across the country. Americans expect and deserve reliable phone and broadband service—especially the ability to call 911,” said FCC Chairman Ajit Pai in a statement. “It’s important for communications providers to take heed of the lessons learned from this incident.”

Departed Accenture Senior Exec Hit By Lawsuit From Her Former Employer

IT services giant Accenture is suing a former senior executive demanding that a federal judge issue an injunction against her to prohibit her from disclosing confidential information to her new employer, which Accenture considers a direct competitor.

The employee, Nadine El-Etr Moore, worked as a managing director and was the leader of Accenture’s finance and risk practice in the Midwest region. On July she quit, “abruptly,” according to the lawsuit, and took a job with Boston Consulting Group, working in a capacity that Accenture says is the same role in the same region.

The suit, filed in the U.S. District Court, Southern District New York, says BCG is a direct competitor to Accenture and calls Moore’s work there in the same capacity and territory “an imminent threat to Accenture’s confidential information and trade secrets” and a “direct and willful violation” of non-competition restrictions.

Adult Content Website Exposes Data On 1.2 Million Users

It was a bad week for the popular adult website Luscious. But it was an even worse week for the nearly 1.2 million users of the website whose personal information was exposed on an unsecured database.

Security researchers from vpnMentor discovered that users’ private profile information, which allow visitors to the site to remain anonymous, was actually exposed in an unsecured Elasticsearch database.

Researchers were able to access the personal details of 1.195 million user accounts, disclosing user names and personal email addresses—some of which contained users’ full names, according to a Threatpost story. They were also able to access user activity logs, uploaded content and images, user country of residence and user gender.

The researchers discovered the error late last week and the site operator secured the database on Monday.