Information security incidents for which the CISO parted company (Part 2)

Continuing the article  Information security incidents, for which the CISO parted ways,  decided to write about several more cases:





Target

The 2014 attack on retail chain Target in the US is still talked about and there is a lot of confirmation in English-speaking sources  , because it was one of the most prominent cases of a successful  attack on the supply chain   - hackers took advantage of the weak security of the supplier of heating, ventilation and air conditioning systems. to compromise Target payment systems and steal about 40 million payment details. The attack was carried out during the Christmas period in 2013.





CIO Beth Jacob left Target a few months after the attack when the company revised its security policy and shortly thereafter appointed its first CIO, former GE CIO Brad Majorino. Since then, Jacob has worked for SPS Commerce and TIVE Health, a supply chain management company.





As is often the case with high-profile attacks, Target CEO Gregg Steinhafel stepped down from all his posts within months of the hack (although the company's failed expansion in Canada was reportedly a factor as well). Other executives who left the company due to cybersecurity incidents included Sony CEO Amy Pascal and Austrian aerospace company FACC CEO Walter Stefan following the successful BEC scam.





Jp morgan

In 2015, the CSO JPMorgan Chase, Jim Cummings and Information Security Director Greg Rattray were transferred to new positions in the bank after  breaking  in  2014   Data leakage amounted to more than 83 million US accounts, including names, email addresses, postal addresses and telephone numbers ... Cummings was reportedly transferred to work on housing projects for the military and bank veterans. Rattray was named head of global cyber partnerships and government strategy, and was replaced as director of information security by former Lockheed Martin chief of security, Roham Amin.





San Francisco State University

, 2015 , -, , 2014 .  , 1 , ( ) .





2014 Oracle. , , « , , , , ».





, Oracle - -, - « , ».





The university confirms that there was a security incident that resulted in "public information" being made available. Since the university's management claims there was no identity breach, the students were not notified as the university believed that the students had no reason to be concerned about their personal information. The university denied that her firing was related to a security incident. The case was later settled out of court.





A source








All Articles