“People say, ‘I’ll just sit here with my mouth shut and not answer the phone, and eventually it will go away,’” says Richard Laermer, principal for RLM Public Relations and author of 2011: Trendspotting for the Next Decade. “If they just spoke up, they’d save their companies headaches and money.”
Sony, of course, is the most recent example. It suffered a major security breach of its PlayStation Network and its Qriocity network on April 19. The company didn’t disclose that officially until the U.S. subsidiary issued a statement on April 26. The company issued full details and apologized on May 1. But Sony isn’t alone.
The growth of blogs, Twitter, and other 24/7 news streams has made keeping secrets much harder, which is why so many scandals seem to have happened in the past few years. It’s not that more scandals are breaking out–they’re just more difficult to hide.
Here are 10 of the biggest high-tech scandals of the past 20 years, made worse by companies trying to keep the lid on. And special kudos to Apple and Sony: Each made our list twice.
Intel: Divided and Conquered (1994)
Even worse: As he writes in his summary of the incident, Nicely says Intel admitted that it had first identified the bug six months earlier and did nothing about it.
The flawed chip was later made into a keychain and given to Intel employees, along with an inscription by Andy Grove: “Bad companies are destroyed by crises; good companies survive them; great companies are improved by them.” Still, that’s not nearly as catchy as the more popular slogan the bug inspired: “Intel Inside: Can’t Divide.”
Iomega: Click Click, You’re Dead (1998)
Though the phrase “click of death” hit public consciousness in January 1998, it had been a subject of heated discussion for over a year on Iomega newsgroups. Yet Iomega took until February 1998 to acknowledge the problem, and only after a class-action lawsuit was filed did it agree to replace all affected Zip drives, not just those purchased within the previous year.
Then what did Iomega do? It began selling a new, even smaller portable storage device called–wait for it–Clik (later renamed the PocketZip). It too died an untimely, though less noisy, death.
Sony: The Rootkit of All Evil (2005)
Security researcher Mark Russinovich posted a blog entry detailing the secret Sony rootkit on October 31, 2005. (Security vendor F-Secure later revealed that it had notified Sony of the rootkit weeks before Russinovich spilled the beans.) The company’s response? “Most people don’t even know what a rootkit is, so why should they care about it?” Sony BMG executive Thomas Hesse told NPR.
On the stupid scale, this was cranking the meter up to 11. Once a rootkit is installed, any smart malware author can take advantage of it (and one did, nine days after Sony’s kit became public). A few days after Russinovich’s post, Sony issued a statement downplaying the risks, and distributed a service pack to remove the rootkit. It didn’t work. Two weeks later, the company vowed to stop distributing CDs with rootkits on them, but by then lawsuits were already being filed. Sony BMG eventually was forced to pay nearly $6 million to settle cases brought by 40 states, as well as to pay fines to the FTC.
Two years later, F-Secure found another rootkit on a Sony product, a biometric-secured USB drive. Once you turn the stupid meter up to 11, it’s hard to turn it back down.
TJX: Hacked to the Maxx (2005)
The bigger cover-up? The mastermind of the TJX intrusion, as well as the theft of some 100 million credit card numbers from Heartland Payment Systems, was a paid Secret Service informant. According to Wired.com’s Threat Level blog, 29-year-old hacker Albert Gonzalez was earning $75,000 a year by helping the Feds track down cyberbaddies–chicken feed compared with the millions he is suspected of earning from black-market credit card sales. Gonzalez is appealing his 20-year sentence, claiming that he performed the TJX and Heartland hacks at the behest of the government. If that doesn’t work, he can always wait for Oliver Stone to buy the movie rights.
HP: Watching the Detectives (2006)
In early 2006, private investigators working on behalf of the company called up mobile phone carriers pretending to be members of HP’s board, and tracked reporters from the New York Times, Wall Street Journal, Business Week, and CNet. They also physically tailed their targets and tried to plant a keylogger on at least one reporter’s computer. After Newsweek spilled the beans on the operation in September 2006, criminal charges and civil suits followed. Dunn was done as chairwoman, though she managed to escape prosecution.
HP never managed to plug the leaks–or earn back its once rock-solid reputation.
Dell: Up in Smoke (2006)
A month later, another Dell laptop blew up in Illinois. A few days after that, a third notebook self-immolated in Singapore. A 62-year-old man who brought his Dell Inspiron 1300 on a hunting trip in Nevada had to dive for cover when flames coming from the laptop ignited the ammo in his glove box, spraying bullets all over the desert.
Within two weeks, Dell–along with Apple, HP, and other major laptop vendors–announced the largest product recall in the history of the consumer electronics industry. The culprit: 4 million faulty Sony batteries. (Yes, Sony, again.) The laptops were charred, but not nearly as badly as Dell’s reputation.
Amazon: Partying Like It’s 1984 (2009)
No matter. For most Kindle owners, this was the first time they realized that the books they thought they purchased really belonged to Amazon, which could remove those titles at any time. That didn’t go down well. A week after the company’s Orwellian nightmare, CEO Jeff Bezos posted a rare personal apology on Amazon’s user forums for the “stupid, thoughtless” way his company handled the situation.
Apple: Hold the Phone–But Not Like That (2010)
As “Antennagate” gripes continued, Apple announced that the problem was merely a bug in iOS 4 that caused signal strength to be reported incorrectly. That didn’t fly either. When Consumer Reports confirmed that the iPhone 4 dropped calls when touched on its magic spot, Apple was forced to respond … by offering free rubber bumpers for a limited period of time.
Apple avoided the expense and embarrassment of a total product recall, but St. Steven got a few dings in his halo.
Apple: Do You Follow? (2011)
But for a week after two researchers publicized their discovery of a data file containing location data for iPhones, Steve Jobs said nothing, and neither did anyone else at Apple. It apparently required a week of radio silence to figure out just what Apple phones were doing. The activity involved recording the locations of cell towers and open Wi-Fi networks in close proximity to the phone’s location–complete with time stamps and GPS coordinates, for months on end–even when users told their phones not to, and then storing that data in the clear on users’ PCs. Apple insisted that this was not “tracking,” and then promised to fix the bugs that were causing phones to, um, not track people.
Sony: PlayStation Network Won’t Play (2011)
Nearly two weeks later, the network was still unavailable. Sony execs offered the company’s “sincerest apologies” and 30 days of free service to PSN and Qriocity subscribers. As this story was being written, Sony’s network was still offline.
And then it happened to Sony again today. Sony Online Entertainment, the company’s online gaming division responsible for massive multiplayer game Everquest, went officially dead in the water.
It wasn’t a second attack, so much as a second breach that occurred during the original attack between April 17th and 19th, when it’s thought data thieves pilfered unencrypted personal info (but not credit card numbers) from upwards of 77 million members. According to Japan’s Nikkei news service, the second breach involved the theft of 12,700 credit card numbers and exposure of the data of perhaps 24,000 users.