Like any industry, high tech has its share of scandals. But they are invariably made worse by companies that react to bad news by hoping no one will notice. As the saying goes, it’s not the crime, it’s the cover-up that kills you.
“People say, ‘I’ll just sit here with my mouth shut and not answer the phone, and eventually it will go away,’” says Richard Laermer, principal for RLM Public Relations and author of 2011: Trendspotting for the Next Decade. “If they just spoke up, they’d save their companies headaches and money.”
Sony, of course, is the most recent example. It suffered a major security breach of its PlayStation Network and its Qriocity network on April 19. The company didn’t disclose that officially until the U.S. subsidiary issued a statement on April 26. The company issued full details and apologized on May 1. But Sony isn’t alone.
The growth of blogs, Twitter, and other 24/7 news streams has made keeping secrets much harder, which is why so many scandals seem to have happened in the past few years. It’s not that more scandals are breaking out–they’re just more difficult to hide.
Here are 10 of the biggest high-tech scandals of the past 20 years, made worse by companies trying to keep the lid on. And special kudos to Apple and Sony: Each made our list twice.
Intel: Divided and Conquered (1994)
When Lynchburg College math professor Thomas Nicely told Intel in October 1994 that its Pentium chips were producing inaccurate results, the company quietly replaced his defective chips and hoped that nobody else would notice. Wrong. Three weeks later, the Pentium FDIV bug made international headlines. A month after that, Intel was forced to issue a recall that cost the company some $475 million, not to mention its reputation.
Even worse: As he writes in his summary of the incident, Nicely says Intel admitted that it had first identified the bug six months earlier and did nothing about it.
The flawed chip was later made into a keychain and given to Intel employees, along with an inscription by Andy Grove: “Bad companies are destroyed by crises; good companies survive them; great companies are improved by them.” Still, that’s not nearly as catchy as the more popular slogan the bug inspired: “Intel Inside: Can’t Divide.”
Iomega: Click Click, You’re Dead (1998)
Before USB flash drives, the only way to carry more than a floppy’s worth of data in your pocket was via an Iomega Zip disk. But woe unto those who heard the click of death–an audible signal that the Zip drive’s head was misaligned, which was followed shortly thereafter by the destruction of data on those 100MB disks.
Though the phrase “click of death” hit public consciousness in January 1998, it had been a subject of heated discussion for over a year on Iomega newsgroups. Yet Iomega took until February 1998 to acknowledge the problem, and only after a class-action lawsuit was filed did it agree to replace all affected Zip drives, not just those purchased within the previous year.
Then what did Iomega do? It began selling a new, even smaller portable storage device called–wait for it–Clik (later renamed the PocketZip). It too died an untimely, though less noisy, death.
Sony: The Rootkit of All Evil (2005)
If you played a CD from Celine Dion, Neil Diamond, or any of two dozen other Sony BMG artists on your computer in the mid-2000s, your PC probably got infected with malware. That’s because Sony had the bright idea of secretly installing a rootkit–a hackers’ tool designed to hide malware–to cloak the existence of its digital rights management software.
Security researcher Mark Russinovich posted a blog entry detailing the secret Sony rootkit on October 31, 2005. (Security vendor F-Secure later revealed that it had notified Sony of the rootkit weeks before Russinovich spilled the beans.) The company’s response? “Most people don’t even know what a rootkit is, so why should they care about it?” Sony BMG executive Thomas Hesse told NPR.
On the stupid scale, this was cranking the meter up to 11. Once a rootkit is installed, any smart malware author can take advantage of it (and one did, nine days after Sony’s kit became public). A few days after Russinovich’s post, Sony issued a statement downplaying the risks, and distributed a service pack to remove the rootkit. It didn’t work. Two weeks later, the company vowed to stop distributing CDs with rootkits on them, but by then lawsuits were already being filed. Sony BMG eventually was forced to pay nearly $6 million to settle cases brought by 40 states, as well as to pay fines to the FTC.
Two years later, F-Secure found another rootkit on a Sony product, a biometric-secured USB drive. Once you turn the stupid meter up to 11, it’s hard to turn it back down.
TJX: Hacked to the Maxx (2005)
In January 2007, the parent company of the TJ Maxx, Marshalls, and HomeGoods retail chains admitted that its porous Wi-Fi network had been hacked, and that personal information for more than 45 million customers had been stolen. Although TJX said it first detected the intrusion in December 2006, it later admitted that it had been hacked as early as July 2005–or a year after an internal security audit had revealed “serious deficiencies” in its systems–and that the total number of victims was over 90 million.
The bigger cover-up? The mastermind of the TJX intrusion, as well as the theft of some 100 million credit card numbers from Heartland Payment Systems, was a paid Secret Service informant. According to Wired.com’s Threat Level blog, 29-year-old hacker Albert Gonzalez was earning $75,000 a year by helping the Feds track down cyberbaddies–chicken feed compared with the millions he is suspected of earning from black-market credit card sales. Gonzalez is appealing his 20-year sentence, claiming that he performed the TJX and Heartland hacks at the behest of the government. If that doesn’t work, he can always wait for Oliver Stone to buy the movie rights.
HP: Watching the Detectives (2006)
What does the biggest high-tech company in the world do when it suspects that members of its board are getting too chummy with the press? If you’re HP’s paranoid former chairwoman Patricia Dunn, you hire gumshoes to tap in to their cell phone records.
In early 2006, private investigators working on behalf of the company called up mobile phone carriers pretending to be members of HP’s board, and tracked reporters from the New York Times, Wall Street Journal, Business Week, and CNet. They also physically tailed their targets and tried to plant a keylogger on at least one reporter’s computer. After Newsweek spilled the beans on the operation in September 2006, criminal charges and civil suits followed. Dunn was done as chairwoman, though she managed to escape prosecution.
HP never managed to plug the leaks–or earn back its once rock-solid reputation.
Dell: Up in Smoke (2006)
In June 2006, The Inquirer posted a brief video of a Dell laptop spontaneously combusting at a conference in Osaka, Japan. After the video reached the mainstream media, Dell responded by saying that the problem was an isolated incident, unrelated to the tens of thousands of batteries it had previously recalled for overheating.
A month later, another Dell laptop blew up in Illinois. A few days after that, a third notebook self-immolated in Singapore. A 62-year-old man who brought his Dell Inspiron 1300 on a hunting trip in Nevada had to dive for cover when flames coming from the laptop ignited the ammo in his glove box, spraying bullets all over the desert.
Within two weeks, Dell–along with Apple, HP, and other major laptop vendors–announced the largest product recall in the history of the consumer electronics industry. The culprit: 4 million faulty Sony batteries. (Yes, Sony, again.) The laptops were charred, but not nearly as badly as Dell’s reputation.
Amazon: Partying Like It’s 1984 (2009)
When Amazon reached into users’ Kindles in July 2009 to erase e-books they had bought, it couldn’t have picked two more appropriate titles: George Orwell’s Animal Farm and 1984. As reporters and bloggers wove dystopian scenarios about Big Bezos, Amazon backpedaled furiously, explaining that it removed the books because the publisher that sold them didn’t have the rights to do so. It also refunded the 99 cents that each book cost.
No matter. For most Kindle owners, this was the first time they realized that the books they thought they purchased really belonged to Amazon, which could remove those titles at any time. That didn’t go down well. A week after the company’s Orwellian nightmare, CEO Jeff Bezos posted a rare personal apology on Amazon’s user forums for the “stupid, thoughtless” way his company handled the situation.
Apple: Hold the Phone–But Not Like That (2010)
When is an iPhone reception problem not an iPhone reception problem? When St. Steven of Jobs says it isn’t. Complaints in June 2010 that the iPhone 4’s unique external antenna was causing phone calls to drop even more than usual for AT&T customers inspired the terse e-mail response from the savior of Cupertino declaring that users were simply holding the phones the wrong way. Case closed. Only it wasn’t.
As “Antennagate” gripes continued, Apple announced that the problem was merely a bug in iOS 4 that caused signal strength to be reported incorrectly. That didn’t fly either. When Consumer Reports confirmed that the iPhone 4 dropped calls when touched on its magic spot, Apple was forced to respond … by offering free rubber bumpers for a limited period of time.
Apple avoided the expense and embarrassment of a total product recall, but St. Steven got a few dings in his halo.
Apple: Do You Follow? (2011)
Like dropped iPhone calls, the notion that Apple is tracking you by keeping a detailed log of your locations over the past year is really just a figment of your imagination. How do we know this? Because Steve Jobs says so.
But for a week after two researchers publicized their discovery of a data file containing location data for iPhones, Steve Jobs said nothing, and neither did anyone else at Apple. It apparently required a week of radio silence to figure out just what Apple phones were doing. The activity involved recording the locations of cell towers and open Wi-Fi networks in close proximity to the phone’s location–complete with time stamps and GPS coordinates, for months on end–even when users told their phones not to, and then storing that data in the clear on users’ PCs. Apple insisted that this was not “tracking,” and then promised to fix the bugs that were causing phones to, um, not track people.
Sony: PlayStation Network Won’t Play (2011)
Sony showed no hesitation going after hackers accused of jailbreaking the PlayStation 3. If only it had put as much energy into protecting its own network. Beginning April 20, the PlayStation Network and the Qriocity online service went down and stayed down. The cause of the outage was a mystery for nearly a week, until Sony finally admitted that, in the days prior to the outage, its network had been hacked. Worse, the personal information of some 77 million customers may have been exposed–making this intrusion the second worst data breach since the TJX and Heartland hacks.
Nearly two weeks later, the network was still unavailable. Sony execs offered the company’s “sincerest apologies” and 30 days of free service to PSN and Qriocity subscribers. As this story was being written, Sony’s network was still offline.
And then it happened to Sony again today. Sony Online Entertainment, the company’s online gaming division responsible for massive multiplayer game Everquest, went officially dead in the water.
It wasn’t a second attack, so much as a second breach that occurred during the original attack between April 17th and 19th, when it’s thought data thieves pilfered unencrypted personal info (but not credit card numbers) from upwards of 77 million members. According to Japan’s Nikkei news service, the second breach involved the theft of 12,700 credit card numbers and exposure of the data of perhaps 24,000 users.