Notepad: Risk in Review - April

Morgan O'Rourke


April 3, 2017

Hackers Attack Stuffed Animals
In yet another example of the pervasiveness of hacking and the risk of internet-connected products, a line of stuffed animals called CloudPets was recently targeted by cybercriminals. The toys are connected to a mobile app that allows parents to record messages for their children that can then be played back through the animal. Children can record and send return messages through the toys as well. But because of lax security protocols, hackers were able to gain access to the CloudPets database, where the company stores the information of more than 820,000 user accounts, including 2.2 million voice recordings. The hackers then tried to hold the data for ransom, but the company was able to restore the files from a backup. Internet-connected toys also made headlines in February over a talking doll called Cayla. German authorities banned the doll, which responds to questions by accessing the internet, due to fears that security vulnerabilities could allow hackers to eavesdrop on owners.

New York Implements New Cybersecurity Law
New York’s new cybersecurity regulations went into effect last month, making it the first state in the country to implement such heightened requirements. The rules require banks, insurance companies and other financial services institutions regulated by the Department of Financial Services to establish and maintain a cybersecurity program to protect consumer data. Specifically, companies must create and maintain written cybersecurity policies and designate a chief information security officer, either in-house or third-party, who will be required to report annually to the company’s board. The rules also establish standards for data protection and incident response and require companies to conduct periodic penetration testing and vulnerability assessments as part of a regular cybersecurity risk assessment. In addition, companies will need to develop security policies and procedures for third-party service providers.

Google Sues Uber Over Trade Secret Theft
Waymo, a self-driving car company founded by Google, filed a suit against Uber in February alleging that a former Google employee stole proprietary designs for laser-guided driving technology that is now being used by the ride-sharing service to develop autonomous vehicles. According to the suit, Anthony Levandowski, a former Waymo manager who is now with Uber, downloaded more than 14,000 confidential design files to an external hard drive before his resignation. He then used this information to found his own company, Otto, which was later acquired by Uber as part of its effort to develop a fleet of autonomous vehicles. Waymo, which is now a subsidiary of Google’s parent company, Alphabet, is seeking damages for theft of trade secrets and patent infringement as well as an injunction to prevent Uber from using the technology.

Three Million at Risk from Man-Made Earthquakes
Three million people in the central and eastern United States, primarily in Oklahoma and Kansas, are at risk from human-induced earthquakes in 2017, according to a forecast by the U.S. Geological Survey. While still noteworthy, the risk has dropped from 2016, when seven million people were considered at risk. Human-induced earthquakes increased significantly in recent years, likely due to fracking operations in which large quantities of wastewater are injected into the ground to aid in fossil fuel extraction. On average, there were only two earthquakes per year of a magnitude 2.7 or greater in Oklahoma from 1980 to 2000. That number jumped to 5,000 by 2015. Fewer earthquakes were recorded in 2016, however, which was credited to a drop in oil and gas production and new regulatory action, leading to the milder forecast for this year.

Grading Corporate Reputation
For the second consecutive year, Amazon earned the highest corporate reputation score in Harris Poll’s annual Reputation Quotient survey, which ranks reputations of the 100 most visible companies in the United States, as perceived by the general public. Amazon's rating was the highest in the survey's 18-year history. Wegmans, Publix Super Markets, Johnson & Johnson and Apple rounded out the top five. On the other end of the spectrum, Wells Fargo saw the largest drop in reputation score after last year’s fake accounts scandal, while Mylan and Takata—who both made the most visible list for the first time—received especially low reputation scores due to Mylan’s EpiPen pricing scandal and Takata’s airbag problems (see next). There is hope for the scandal-ridden, however—while still ranked in the bottom 10 because of its emissions fraud controversy, Volkswagen rebounded with the highest increase in reputation score of any company in 2016. The survey revealed that the biggest risks to corporate reputation were intentional wrongdoing or illegal actions by corporate leaders, lying or misinterpreting facts about a product or service, and intentional misuse of financial information for financial gain.

Takata Agrees to $1 Billion Airbag Settlement
Japanese auto parts company Takata pled guilty to federal fraud charges and agreed to pay a $1 billion settlement to compensate automakers and victims affected by defective airbags it manufactured. At least 16 deaths and 180 injuries have been attributed to exploding Takata airbags, resulting in what the National Highway Traffic Safety Administration called “the largest and most complex safety recall in U.S. history,” affecting some 42 million vehicles across dozens of brands. The settlement sets aside $25 million for fines, $125 million for victims and $850 million for automakers. The company is now seeking a buyer or investor in order to raise the funds to pay the settlement and other recall-related costs.

Morgan O’Rourke is editor in chief of Risk Management and director of publications for the Risk & Insurance Management Society, Inc. (RIMS).