Fraud in sports: Thru-hiking fakers

This is the second in a series of five posts on the topic of fraud in sports. The first post, from December 5, was about marathon cheaters and how they are publicly investigated and exposed. Today’s post will be about imposters and scammers in the world of thru-hiking, a hard-core and tight-knit community of athletes who long-distance hike with the objective of completing a major trail end-to-end at once. Next Tuesday’s post, on December 19, will discuss fraud in sports gambling schemes, including those committed by players and to induce people into fraudulent investment vehicles. On December 26, the next to last post will be about game fixing, describing conspiracies by players to throw games or systemic spying and cheating operations by teams and coaches. The final post in the series, on January 2, will discuss fraud in sports via doping scandals, such as in the Olympics and the Tour de France.

Thru-hiking is the endeavor of hiking a long-distance trail in full within one hiking season. In the United States, there are three main trails where these attempts are made: the Appalachian Trail, the Pacific Crest Trail, and the Continental Divide Trail. Thru-hiking these trails can take months, passing through all kinds of remote trail and difficult weather conditions, and requiring immense planning and preparation to do so safely and with proper equipment, provisions, and support. Adjacent to thru-hiking is section-hiking, in which hikers complete parts of the same trails methodically over a longer period of time. Because of the intense nature of this activity, and the survivalist needs of the participants who camp rough along the trail and crowd-source information about conditions and news from both the outside world and further down the trail, tightly bonded communities of hikers form.

In this insular community comes a lot of trust and reliance on people’s credibility and honesty. People share materials, hike sections relying on each other’s planning and information about conditions, help each other when they are out of money or food, and generally work together to stay safe and make progress in their individual and collective efforts in the thru-hiking process. In such an intimate social group, reliance on honesty creates unfortunate opportunities for people to commit fraud and carry out scams. Sometimes these acts of dishonesty take advantage of other hikers, whereas others falsify accomplishments or misrepresent setting records.

  • In summer 2017, the story of an inspiring thru-hiker began making the rounds on social media, even receiving publicity in the press and coverage on television news. Stacey Kozel was portrayed as a hero for completing both the Appalachian Trail and the Pacific Crest Trail as a paraplegic with lupus. Unable to use her legs unassisted, Kozel relied on specially-designed braces that allowed her to not only walk, but miraculously walk long distances. However, much like the case of marathon cheaters, the online community of thru-hikers and those who support and follow them soon became skeptical to her claims about her achievements. Thru-hikers operate on a quasi-honor system, without a self-regulatory organization to administer verification and investigation efforts when individuals proclaim that they have completed hikes or set records. However, a robust independent community exists on forums online and that community relies upon much of the same data used by marathon runner authenticators – GPS data, photographs, witnesses, and other real-time physical evidence. No one could remember seeing Kozel on most of the trail, and encounters she should have had with other hikers in rest and communal areas were totally lacking. The photographs of Kozel were mostly only taken at trailheads or other area relatlvely easy to access by driving and then walking a short distance. Kozel reiterated her claims that she did the thru-hikes, but did not stand up to continued scrutiny, and she subsequently removed most of the coverage of her purported hike from the internet. One of Kozel’s possible motivations for pretending to do the hike could have been to get publicity for her leg braces, as she stated that she wanted to be an inspirational user of them and to encourage insurance companies to cover them: How Did No One Notice This Inspirational Hiker On The Pacific Crest Trail?
  • Taking the endurance sport of thru-hiking to an all-new level, there are some individuals who take an ultra-marathon approach to completing the trial. These people aim not only to complete the trial in one go, already an audacious task, but to do so as quickly as possible, in pursuit of a record known as Fastest Known Time (FKT). In 2016, Kaiha Bertollini claimed to have set a huge FKT on the Appalachian Trail. Her announcement of her achievement was shortly followed by major doubts and dissension. Bertollini did not have a support crew, was seen drinking and smoking on the trail or even taking “zero days” where she did not hike at all despite her claim of a lightening-fast finish time, and did not produce the proof and documentation demanded by the community, claiming that her phone that held the evidence was broken. Claiming an achievement like a FKT without the requisite evidence in the 21st century, with the community’s obsessive demand for proof and data easily satisfied by all the recording capabilities technology affords, is sure to arouse criticism and mistrust: The Problem with Claiming a Fastest Known Time in the 21st Century
  • Further in the challenges of the concept of validating FKTs, the popular doubts about claims of setting records suggests that there may be some need for a more robust and reliable authentication system. As the sport grows in popularity and recognition, the unofficial arbiters of the records may need to become at least somewhat more official. In their early days, ultramarathons were plagued by the same questions about reliability of their results, as informality and athlete-driven timekeeping reigned. However, most ultramarathons now are governed by some administrative entity or a race organization, and they typically have reliable, consistent rules about the type of data that is accepted to substantiate authenticate and prevent concerns about alteration or falsification. The time could be near for thru-hiking and FKT attempters to follow suit: We Need to Re-Evaluate the Fixation with Fastest Known Times
  • On a different note, one of the reasons why most people know anything all about thru-hiking or about the trails on which it happens is because there have been several very popular books and film adaptations about the attempts of amateurs to join the sport. Two of the most famous of these books (with movies based on both) are Bill Bryson’s “A Walk in the Woods” and Cheryl Strayed’s “Wild.” These books, depicting thru-hiking attempts on the Appalachian Trail and the Pacific Crest Trail respectively, are both bestsellers and have fascinated readers with their depictions of the authors’ amusing and emotional attempts to immerse into the lifestyle of the thru-hiker. However, a careful contemplation by a real thru-hiker would lead anyone to likely conclude that neither of these authors truly thru-hiked or accurately depicted the experience of having done so. In all cases, the authors wrote interesting, engaging books, mostly appealing emotionally to the readers by retelling the tales of their lack of preparation and overwhelmed reactions to the hike. In the end, they often had to reduce their efforts and could not meet their ambitions. Their books are more about this than they are about actually thru-hiking, and therefore they may reproduce conversations or thoughtful revelations truthfully, but the descriptions of the trails themselves, which induce many other amateur hikers to embark on journeys of their own, are perhaps not so faithful: Why the Most Popular Hiking Memoirs Don’t Go the Distance
  • Finally, a tale of an imposter scammer who chose the trusting and supportive community of thru-hiking to execute his cons: Jeff Caldwell is a serial scammer who operated for many years in the outdoor community, posing as a thru-hiker and taking advantage of fellow thru-hikers and people to whom he appealed because of this identification. He used his false accomplishments as a thru-hiker to pull off romance scams. He claimed he had completed what is known in the thru-hiking world as the Triple Crown – thru-hiking the Pacific Crest Trail, the Continental Divide Trail, and the Appalachian Trail. These assumed bona fides gave him credibility in the community and made his victims easier to befriend and defraud: Inside the Mind of Thru-Hiking’s Most Devious Con Man

Check back next week, Tuesday December 19, for the third post in this series of five, which will be about fraud in sports as illustrated in sports gambling.

Fraud in sports: Marathon cheaters

This is the first of a five-part series discussing fraud in sports. This starts with today’s post which will discuss runners who have been publicly exposed as cheaters in marathons. Next Tuesday’s post will be about imposters and scammers in the world of thru-hiking, a popular endurance sport where people long-distance trail hike in areas like the Appalachian Trail in the Eastern United States or the Pacific Crest Trail which stretches from California to Washington. On Tuesday December 19, the third post will be about sports fraud via gambling, including betting by players and illicit investment schemes. The fourth post on December 26 will be about game fixing, such as the Black Sox Scandal in which several players on the Chicago White Sox conspired to throw the World Series. The fifth and final post, on January 2, will be about major doping scandals, including Lance Armstrong and allegations of systematic doping by the Russian Olympics delegation.

Marathon cheating is a phenomenon that has both fascinated and infuriated running commentators. In a community which is fixated on qualifying times, personal bests, and self-identifications as hobbyist or elite runners which can be separated by mere seconds of pace time, honesty about runner times and speeds is sacred.   In this context, runners who cut courses short, falsify results, or claim publicity for false achievements, undermine the most fundamental measures of success in the marathon running world.

  • In the 1980 Boston Marathon, Rosie Ruiz, a 26-year old New Yorker, finished first among the female runners with an impressive time of just over two hours and thirty minutes. In the face of her amazing accomplishment, Rosie was nonplussed and composed – probably because she cut the course and did not run the 26.2 miles. Ruiz had her medal revoked when other runners stated that they witnessed her running onto the course at mile 25. It turned out that she exited the marathon course near the beginning and took the subway there, where she re-entered and claimed a false victory. Upon investigation, it was discovered that Ruiz’s Boston qualification time, run in the 1979 New York Marathon (her only other marathon before), was fake also, achieved because Ruiz again cut most of the course by riding the subway to re-enter near the end. Ruiz’s fraud rocked the marathon running community, in which road racers had a strong honor code that they felt was pure and safe from cheating that had afflicted sports with equipment or environments that could be altered or adjusted for cheating: Backtalk; 20 Years Later, the Legend of Rosie Ruiz Endures
  • Kip Litton intended to be well-known far outside of his social circles in Clarkston, Michigan as a champion marathoner. However, he has gained notoriety for a different accomplishment in marathon running entirely: prolific misrepresentation of his results and of races run. As Litton shot to the head of the pack in a number of small marathons, his fellow runners became confused by and curious about his quick rise to the top. By investigating race photographs and triangulating his likely performance based upon verifiable race times and per mile paces from previous chip-timed runs, other runners discovered that Litton was falsifying his performance. He was able to pull off this fraud by strategically picking races where he could cut courses or claim to have run qualifying times without even participating at all. The evidence of Litton’s misconduct assembled by the amateur investigators is fascinating and pathological in its devotion to his fraud, even amid Litton’s disqualifications from various races after inconsistencies were pointed out to directors: Marathon Man 
  • Social media has provided a fertile environment for inventive marathon cheating. Legitimate runners who share photos showing their bibs, the identifying numbers that runners wear pinned to their chests or backs during the race, have had those photos stolen and used for bib replication. Runners then use the fake bibs to “bandit,” or run incognito and illicitly, at races. This could be to avoid paying registration fees, to falsify qualifying records, for a prank, or for a creative type of identity theft. As discussed above, the runner community is vigilantly self-policing, and the fascination with these bandits leads to far-reaching vigilante investigations and reporting to race administrators to “out” cheaters:  Inside the Weird World of Social Media Marathon Cheating 
  • The 2017 Mexico City Marathon was mired in scandal when almost 6,000 runners, nearly 20% of the field of 29,000 runner, were disqualified for cheating. Investigation showed that many runners missed timing mats. Others, however, blatantly cut the course, either by riding the subway (harkening back to Rosie Ruiz in New York in 1979 and Boston in 1980) or “bib mules,” runners who wear bibs intended for other runners who do not compete at all, in order to falsify their results (typically to post a qualifying time for Boston or another exclusive race). What exactly happened in Mexico City remains unclear, but it seems to have been a combination of opportunistic runners who took advantage of technological difficulties or shortcomings at the race, and runners cutting the course short by missing timing mats. Such a dramatic disqualification rate should lead the Mexico City organizers and indeed anyone who is behind setting up and administrating a major race event to take a deep look at their internal controls and ensure that future races are set up to diminish the possibilities for going off-course or bandit running:  What the Hell Happened at the Mexico City Marathon?
  • For runners who achieve their results legitimately, race day represents many months or even years of hard efforts brought to fruition. Therefore, for serious runners, cheating and falsifying results is a real insult to all of their work and cheapens the prestige they seek of a credible accomplishment. Therefore many marathon runners who are active in the online communities such as the LetsRun forums take their annoyance or offense at this perceived dishonesty to the next level, launching widespread investigations into uncovering and calling out impropriety. Many runners who do not cheat see those who have cut courses or faked times bragging online, promoting themselves via social media, and their outrage at these actions speaks to the philosophical morality of running. At its most elemental level, and despite the many data-driven external successes one can achieve in the sport, running is a pursuit of internal success, a battle within the self for endurance and accomplishment. Cheating hinders and harms this. People who investigate and call out cheaters hope that they are working as deterrents to runner dishonesty as well as acting as a sort of informal self-regulatory organization for the running community: How to Catch a Marathon Cheat  

For a lot more fascinating examples of and insight into marathon cheating, check out the site Marathon Investigation. Run by Derek Murphy, a business analyst, marathoner, and running fan, the site is a comprehensive survey of impropriety and cheating at marathons all over the world. It offers a really compelling look into the analytical and research aspects of investigating and tracking potential cheaters by using historical data, GPS records, published running times, maps, race photos, and much more publicly available data. For more about Murphy and his motivations and methods, read this profile.

Check back next week, Tuesday December 12, for the second post in this series of five, which will be about fraud in sports as illustrated by thru-hiking fakers and scammers.

Design ethics of addictive technology

As social media platforms, the internet of things, and other online networks advance in sophistication and prevalence, the line between engagement and addiction becomes ever thinner. Features which are designed to make browsing the internet or using connected devices more comfortable, intuitive, and pleasurable are also vulnerable to misuse and abuse which can have highly negative impact on people’s daily routines and lives.

Indeed, the stereotypes of people too engrossed in their phones or tablets to even notice the people around them are widespread and real. So much of social interaction has been carried over into online communities and takes place on social media or in internet comment sections and forums. The positive possibilities of this kind of access to information and collaboration are boundless. Connecting across continents and sharing all kinds of information and ideas is powerful for learning, cooperation, and creativity. Making these systems better and more efficient for users to engage with only further empowers these uses. Designers, engineers, and technologists have taken the positive responses from users and implemented that feedback in coming up with new features and improvements with the aim of making the user interface and experience better.

Whether it’s making screens balanced with vivid images that are easy on the eyes or implementing machine-learning based algorithms that fill users’ feeds with the most interesting and entertaining information tailored for them, the original aim of these innovations is to make the platform or device more interesting to use and therefore to encourage the user to spend more time on it. This has obvious commercial appeal to the companies that create these networks and devices, their advertisers, and their other partners who are all competing to attract people’s attention and gain valuable impressions or content views. Time is money, and a faithful user is a lucrative one.

However, those eyeballs content providers and marketers wish to attract are, of course, inside the heads of people and therefore the ever-ramping effort to engage those people runs into risky territory where interest or active participation edges into dependency and addiction. There are countless studies which have shown health problems stemming from overuse of phones, tablets, computers, and other devices, including eye fatigue, migraines, sleep deprivation, and other problems related to vision, concentration, or stress caused by overindulgence in looking at screens. This is not to mention the destructive social impact that over-immersion in devices can have, isolating people from their families and communities as well interrupting work, diminishing traditional communication skills, and exposing people to online abuse and other unsafe or inappropriate content that could cause harm.

In fact, some of the individuals who have had the loudest voices against the dark side of the advancements of personal technology are in fact the designers and engineers who had a hand in actually creating the most addictive features. For example, the engineer who was involved in creating the Facebook “Like” button and the designer who worked on the “pull to refresh” mechanism first used by Twitter are among a growing group of technologists who have started to question and reject the role that immersive technologies play in their lives. These individuals understand the good intentions that were behind the original creation of these technologies, with the hope to make them more useful or fun for users, but they also see the downsides. Coined “refuseniks,” these early adopters have purposefully made efforts to diminish or balance the presence of technology in their lives. As many of these addictive behaviors center around the use of smartphones and applications on them, many of these people who designed these features and now speak out against them turn off notifications, uninstall particularly time-wasting applications, and even distance themselves physically from their phones by following strict personal rules about usage or cutting off access after certain times or in specific places.

The question remains – pioneers of these features may have matured within their own careers and lives enough to realize that their earlier intentions have destructive potential they don’t want to indulge personally. But how will companies creating products and services in this space balance this as public attention begins to more commonly acknowledge the problematic nature of these features? Being a refusenik cannot be the answer for everyone, as these devices and platforms do bring great value to their users and the world as a whole, despite the negative effect they can frequently also have. Organizations working in this space can take advantage of corporate social responsibility values to balance their innovation of new features with the expectations of how consumers can use them, for good or bad.

On an individual level, it is very helpful to take personal responsibility to acknowledge and understand how these platforms and technologies are designed to make people engaged and how that can turn to addiction. Being conscious of these features or tendencies in their use is key. People should push themselves to understand why and how they use these technologies before adopting and engaging in them. If they feel prone to misuse of it, then understanding the cause of it and exposure to it will help to mitigate its effects.

For an interesting perspective on high-tech designers and technologists who have rejected the technologies they sometimes played pivotal roles in creating, check out this article from The Guardian.

Must-read ICIJ investigative project reports

The International Consortium of Investigative Journalists (ICIJ) is an independent, international network of over 200 investigative journalists in more than 70 countries worldwide. Their reporting focuses on international crime, corruption, and transparency of political and financial power held by governments and corporations. ICIJ works worldwide with local media partners to publish complex investigative reports often focusing on organizational corruption at the highest levels of power and the impact their activities have on people and communities in their home countries as well as in the developing world.

Like this blog’s earlier feature on the work of the Organized Crime and Corruption Reporting Project (OCCRP), reporters associated with ICIJ often follow highly complicated financial trails at major banking institutions and supporting organizations in the financial services industry, in order to uncover tax evasion, theft of national assets, bribery, and other financial crimes.

  • Luxembourg Leaks (2014): This blog has previously discussed the Luxembourg Leaks in the feature post on whistleblowers in the financial services industry. This investigative report was based on documents provided to ICIJ by, among others, a French employee of the Big 4 accounting firm PricewaterhouseCoopers. The ensuing investigation showed that Big 4 firms were facilitating registration of multinational companies in Luxembourg in order to evade local taxes and take advantage of banking secrecy laws that would prevent disclosure of even the existence of their offshore accounts to their home countries. Companies named in these papers included IKEA’s Australian operations, Pepsi, Disney, and the Koch Brothers’ business empire. 
  • Swiss Leaks (2015): Continuing in the vein of uncovering undisclosed accounts and financial arrangements maintained under the protection of a banking secrecy regime, this investigation revealed HSBC Private Bank (Suisse) maintained banking relationships with clients connected to arms trafficking, blood diamonds, and bribery. Many of the clients serviced by HSBC were connected to discredited political regimes in countries such as Egypt, Tunisia, and Syria. These were clients who due to their illegal or sanctioned activity would not be accepted for banking services in other countries. The documents showed that HSBC not only accepted them but repeatedly assured them that their wealth would be shielded from tax authorities or other inquiring government entities. 
  • Evicted and Abandoned (2016): This investigation ran an external audit on projects funded by the World Bank and determined that many of them were in complete non-compliance with the bank’s own policies, causing physical and economical harm to the people it purported to support. The International Finance Corporation, which provides private sector loans on behalf of the World Bank, has given financing to governments and corporations accused of egregious human rights violations. In some cases these financing activities continued after evidence of the violations was made public. Funds from World Bank projects were misappropriated and diverted by local governments to fund violent and harmful campaigns against the people who were supposed to be helped, and social and environmental impact was disregarded in funding projects. 
  • The Panama Papers (2016): Receiving widespread media attention and igniting local investigations in many countries and by many financial institutions, the Panama Papers project was one of the biggest stories in money laundering investigation of recent years. ICIJ worked on this project in collaboration with OCCRP and Suddeutsche Zeitung, the German media organization which originally received the cache of documents from Mossack Fonseca, a trust company in Panama that facilitated legal incorporation of offshore shell entities for many of the world’s wealthiest people and powerful political figures. Many of these shell entities were later involved in illegal activities including tax evasion, fraud, and money laundering. 
  • The Paradise Papers (2017): The most recent of ICIJ’s reports, like the Paradise Papers, this details the facilitation of secret financial arrangements by offshore service providers, this time including one of the world’s most high-profile law firms working in this industry. This time the focus was on legal incorporations in Bermuda, Singapore, and Mauritius. The Paradise Papers differ somewhat from the Panama Papers in that they do not purport to uncover widespread illegal activity, but rather legal activity that is secret or inconsistent with representations otherwise made to the public. Political figures in the US, the UK and Canada, and their donors or other financial supporters, were included this time with information exposing their previously undisclosed offshore arrangements and ownership stakes. The Paradise Papers also provided great detail on the “tax engineering” of many major companies, including Apple, Nike, Allergan, and commodities giant Glencore.   While currently legal, it is expected that the public controversy over these increasingly “creative” tax arrangements may lead to deeper regulatory inquiry as to whether they should remain legitimate practices going forward. 

Like OCCRP, ICIJ has become a highly-regarded media organization in the twenty years since its formation. The work that the journalists of ICIJ do to investigate and expose corruption and crime is critical for the effort to enforce expectations that those in positions of power be held accountable for their actions, which even if legal, can be ethically unacceptable and abusive of the people they purport to serve. These investigations serve a crucial public service in exposing both criminal activity and legal arrangements which nonetheless may not meet society’s standards for transparency or lead later to the facilitation of illegal activity.

Whistleblowers in major US corporate organizations

This is the third of a three-part series profiling whistleblowers in different industries. The first of these posts was on October 13 and focused on the financial services industry, including Julius Baer and PricewaterhouseCoopers. Last Tuesday’s post covered whistleblowers in the pharmaceutical industry, with stories of exposing corporate fraud in the manufacturing and marketing processes at companies like Eli Lilly and GlaxoSmithKline.

Today’s post, the final in this set, will look at whistleblowers from prominent historic cases of business fraud or miconduct in major US corporate organizations. The actions of these individuals in speaking up to expose unethical or illegal business practices led to major media attention, legislative and regulatory scrutiny, legal actions, and deep review of corporate cultures of the organizations. In some of these cases, deep societal debate about or change of previously accepted practices and standards was kicked off by the information exposed by whistleblowers.

  • Sherron Watkins, Enron Corporation: One of the most famous whistleblowers in modern business history, Sherron Watkins was Vice President of Corporate Development at Enron Corporation, the disgraced energy company which is often referred to as one of the biggest corporate scandals in modern history. In August 2001, Watkins reported suspicious accounting practices she observed in the company’s financial statements to Enron’s CEO, Kenneth Lay, who famously did not take action on the memo Watkins wrote on the issue. Enron, of course, filed for bankruptcy in December 2001, after the public disclosure of the fraudulent accounting practices that led to gross overstatement of the company’s financial condition. Watkins has spent the years since the Enron scandal writing and speaking about the problems within the corporate culture of the organization that allowed the fraud to occur and continue. For information on how Watkins sees her role in the Enron scandal more than fifteen years on, check out this Texas Monthly article from 2016.
  • Cynthia Cooper, WorldCom: Cynthia Cooper was the Vice President of Internal Audit at WorldCom, which at one time was one of the largest telecommunications companies in the US. Amid declining profits in the telecommunications industry and a thwarted merger with Sprint, starting in 2000 the company used fraudulent accounting practices to maintain the price of WorldCom stock in a decreasing market. In 2002, Cooper led a team of internal auditors which investigated and exposed this $3.8 billion accounting fraud. Cooper never intended for her internal audit memo to be publicized, and did not want public attention from it, as her feelings about exposing this fraud at a company where she had loved working were complicated. However, investigations by the Department of Justice and the Securities and Exchange Commission followed, which by the end of 2003 determined that the company’s assets had been inflated by an estimated $11 billion due to the fraudulent accounting. Have a look at this Q&A with Cooper from 2008.
  • Courtland Kelley, General Motors: For 30 years, Courtland Kelley worked at General Motors, ultimately as the national head of GM’s vehicle inspection program. For years, Kelley warned GM about design flaws in its cars and trucks that had gone unaddressed. To Kelley, the company seemed more interested in avoiding costly recalls and saving face in public than in making a relatively simple safety fix to the ignition switch system. In 2003, he sued GM under Michigan state whistleblower laws, hoping to expose this company inaction that led to manufacturing unsafe vehicles that were involved in crashes, some resulting in deaths. Kelley’s case was dismissed on procedural grounds, and in the aftermath, Kelley found that he was silenced and marginalized by GM in retaliation for speaking up. The company waited almost ten years before issuing a recall in February 2014. For an in-depth look at what happened at General Motors and to Kelley after he blew the whistle, read this Bloomberg Businessweek piece.
  • Mark Whitacre, Archer Daniels Midland: Mark Whitacre was president of the Bioproducts division at Archer Daniels Midland, a food and commodities trading corporation specializing in processing of grain and oilseed crops. For three years from 1992-1995, Whitacre was an FBI informant aiding in the agency’s investigation of ADM for price fixing (conspiracy arrangement between buyers or sellers to buy or sell a product at a fixed price only, irrespective of market conditions). The price fixing at ADM involved lysine, a chemical additive to animal feed. ADM was part of a cartel with four other companies that inflated prices on lysine because of their concerted market manipulation. Due to Whitacre’s initial reporting and subsequent acting as an undercover informant, the FBI collected a tremendous trove of information about the cartel’s activities and ultimately fined ADM $100 million, with many more hundreds of millions of dollars going from ADM to harmed plaintiffs and customers. Price fixing, once an overlooked practice in the industry which controlled prices without recourse, became a global investigation and enforcement priority. Whitacre himself was a complicated figure, as it turns out he was exposing one fraud while participating in others. In the course of the investigation, he confessed that he had been involved with arranging corporate kickbacks and money laundering schemes, and later pled guilty to tax evasion and fraud in connection with the embezzlement of $9 million, serving 8.5 years of a 10.5 year sentence. Whitacre’s story was dramatized in the movie The Informant!, which starred Matt Damon. For a profile on Whitacre from the time the movie was released in 2009, check out this CNN story.
  • Gregory Minor, Richard Hubbard, and Dale Bridenbaugh, General Electric:   Gregory Minor, Richard Hubbard, and Dale Bridenbaugh are known as the “GE Three.” They were a group of nuclear engineers at General Electric who turned whistleblowers in 1976 to alert the public of ongoing safety issues at US nuclear power plants. Their disclosures about the dangers of nuclear power received significant media coverage and Congressional attention. Minor, Hubbard, and Bridenbaugh timed their disclosures with resigning in protest from their positions in the GE nuclear reactor division. Nuclear power was at that time in wide use in the US; the GE Three raised huge concerns about insufficient controls within the industry due to vulnerabilities from human error and an engineering process that isolated individuals from the overall decision-making process. Their protest resignations and subsequent testimonies had a huge impact on society’s view of the safety of nuclear power and inspired activist campaigns against nuclear power and in favour of environmental safety and protection. Check out this 1976 report from the New York Times archive for the contemporary reaction to the GE Three.

Whistleblowers have been the impetus behind some of the most explosive and powerful disclosures of corporate fraud and malfeasance in recent history. Companies once admired and viewed as financial stalwarts have been shown to have deeply unethical business practices and a concerning lack of organizational and employee integrity below the surface. In an economy and culture which is increasingly dominated by large corporate interests, trust in and credibility of these major institutions is critical for the public. When this is violated by inaccurate disclosures, dishonest accounting practices, or fraudulent business arrangements, consumer and markets confidence is greatly impaired. Whistleblowers therefore perform an invaluable function in making the often personally difficult and professionally costly decision to stand up for the protection of these values when observing misconduct from within their organizations.

 

Whistleblowers in the pharmaceutical industry

This is the second of a three-part series profiling whistleblowers in different industries. This started with last Tuesday’s post looking at the financial services industry, including UBS, HSBC, and Citigroup. Today’s post will be focused on the pharmaceutical industry, looking at whistleblowers who exposed fraudulent sales and marketing practices, ethical issues in the development and research phase, and more. The third and final post in this set on next Tuesday will be about whistleblowers who exposed high-profile corporate fraud in major companies such as Enron and General Electric.

Whistleblowers in the pharmaceutical industry make an important contribution to protecting consumer safety when they come forward to raise concerns about business practices in their organizations. Corporate misconduct in this industry has direct impact on patient care and individual health. Therefore the actions of whistleblowers can serve to not only shed light on fraudulent or abusive actions by organizations or individuals within them, but also to prevent future harm to scientists and researchers working in the business, third party partners within their supply chain, and end-user consumers.

  • Jim Wetta, AstraZeneca: Jim Wetta was a sales employee at AstraZeneca who blew the whistle over misleading marketing practices for the antipsychotic drug Seroquel. AstraZeneca had been approved by the US Food and Drug Administration only for treatment of schizophrenia and bipolar disorder. However, the company took on a major sales effort to market Seroquel for off-label use by children under the care of psychiatrists and elderly people suffering from dementia. The company used continuing education seminars, mandatory for doctors to maintain their licenses to practice medicine, to market the off-label uses of the drug which were not previously approved by the FDA. In 2010, AstraZeneca settled with the Department of Justice for $520 million and faced thousands of product liability claims over the marketing of Seroquel. Check out this New York Times article for more information on what happened in this drug marketing case. 
  • Robert Rudolph, Eli Lilly: Robert Rudolph also worked in sales, in his case Eli Lilly. Along with eight other whistleblowers, he went to the federal government with evidence of illegal sales practices by Eli Lilly in the marketing of Zyprexa, a drug approved, like Seroquel, for use in treating schizophrenia and bipolar disorder. In 2001, the company began to market Zyprexa for a variety of off-label uses, especially in the elderly. Apart from this marketing process, Zyprexa representatives also took names from patient lists at doctors’ offices to try to get them to switch to Zyprexa, a blatant privacy violation. Further, throughout this time the company inflated the stock price by counting drug samples as sales. Rudolph, a long-time employee at Eli Lilly who was at the end of his career, saw the corporate culture changing in a bad way and felt that the pervasion of these practices into the business needed to be stopped. In 2009, Eli Lilly agreed to a $1.4 billion fine in a DOJ settlement. For an idea of the reputational risk this case caused Eli Lilly, take a look at this 2009 opinion piece on the dangers of the company’s practices to society.
  • John Kopchinksi, Pfizer: Like Wetta and Rudolph, John Kopchinski was a sales representative, in his case at Pfizer. In 2003, Kopchinski filed a “qui tam” lawsuit under the False Claims Act, which allows whistleblowers to aid the government in recovering money stolen in frauds that resulted in the government losing money. Kopchinski exposed evidence that Pfizer was promoting 13 drugs, most prominently the arthritis drug Bextra, for off-label uses that the FDA had previously rejected and unapproved doses. Kopchinski was fired by Pfizer after reporting his claims, but continued with the lawsuit until 2009. Pfizer went on to settle with the government for $2.3 billion. For more about Kopchinski’s legal battle with Pfizer, read this 2009 NPR piece.   
  • Adam Resnick, Omnicare: In another qui tam lawsuit filed under the False Claims Act, in 2006 Adam Resnick sued Omnicare, a pharmacy providing drugs to nursing homes, for Medicare and Medicaid fraud carried out in a series of kickback schemes with nursing home operators. This corrupt practice could potentially lead nursing home administrators to make decisions about what kind of drugs they give to residents not based upon patient care, but rather based upon what pharmaceutical supplier has enriched them in exchange for their continued business. Omnicare and the involved facilities settled their cases with the government in 2010. Resnick himself has a challenging past: he was a compulsive gambler who went to prison for check-kiting which led the collapse of the bank where he worked. As part of his rehabilitation from engaging in fraud he dedicated himself to exposing it instead. For more information on the Omnicare case, look to this 2010 article from the Chicago Tribune.
  • Cheryl Eckard, GlaxoSmithKline: Cheryl Eckard was a quality assurance manager for GlaxoSmithKlein. In 2002, she reported evidence that the company was selling defective and mis-identified drugs from its Puerto Rico plant. Eckard lost her job in 2003 after repeatedly complaining, but the FDA and DOJ found so many issues in the plant that GlaxoSmithKlein became an example for other pharmaceutical companies for what not to do. Due to products being mixed up in the manufacture and distribution process, the antidepressant Paxil and diabetes medication Avandamet were tainted. Some of the pills fell apart while others did not have the active ingredient required for them to be effective treatment. The factory where they were made did not have an effective quality controls framework in place. GlaxoSmithKline paid $750 million to the DOJ for their oversight shortcomings. For more information on the production problems Eckard exposed, read this 2010 article from the Guardian.

The process for creating, manufacturing, and distributing pharmaceutical products is long and complex, with many decision points where individuals may make choices in a narrow ethical frame or a limited context which prevents them from seeing the consequences of unethical actions or even the existence of better possible choices. Whistleblowers can help to demystify this process and illuminate for public scrutiny the problems in the design of the system that may cause good people to make bad decisions.

Check back next week, Tuesday November 14, for the final post in this three-part feature on whistleblowers in historical events. Next Tuesday’s post will discuss individuals who exposed fraudulent business practices in landmark cases of corporate fraud and bad business practices.

Whistleblowers from significant scandals in financial services

This is the first of a three-part series profiling whistleblowers in different industries. This starts with today’s post, focused on the financial services industry, describing events where whistleblowers came forward to expose misconduct in investment banking, wealth management, and accounting. Next Tuesday’s post will cover the pharmaceutical industry, including AstraZeneca, Pfizer, and more. The post for Tuesday November 14 will be about whistleblowers who exposed high-profile corporate fraud in diverse companies such as WorldCom and Archer Daniels Midland.

Whistleblowers in the financial services industry have sparked reform for investor protection and shed light on the often secretive or mysterious culture within banking organizations, where trouble can be hidden from competitors and the public alike, as cultural problems deepen inside the organization completely unchecked by controls or encouraged by business strategy.

  • Bradley Birkenfeld, UBS: Brad Birkenfeld is an American banker. His disclosures regarding actions by UBS Group AG that enabled US tax evasion led to a $780 million fine from the US Department of Justice against UBS and publication of information that exposed the previously mysterious world of Swiss private banking. Indeed, Switzerland amended its federal banking law in 2009 and over the years subsequent made significant contributions to cooperation with other countries regarding reporting of tax data of their citizens. In 2013, Switzerland signed the Convention on Mutual Administrative Assistance in Tax Matters, cementing this obligation to roll back banking secrecy in this treaty which over 60 countries signed. For more on Brad Birkenfeld, who both did jail time and received a $104 million reward for his disclosure, check out this Bloomberg profile of him.
  • Rudolf Elmer, Julius Baer: Rudolf Elmer worked for the Swiss private bank Julius Baer for almost twenty years. In his last role, he was the head of the bank’s Caribbean operations for eight years. In 2002, the bank discovered that internal data had been stolen and subjected all employees to a lie detector test. Elmer declined the test once and then took it and failed, leading to this termination. Following this Elmer spent several years trying to share the information he had taken, culminating in releasing a cache of documents to WikiLeaks in 2008 and again in 2011. These documents provided evidence supporting allegations that Julius Baer had facilitated clients’ tax evasion through banking practices in the Cayman Islands. Elmer was tried several times in court for breach of banking and business secrecy laws, which historically have been notoriously tough in Switzerland, but have begun to be rolled back or scrutinized in the wake of cases such as Julius Baer’s.   Elmer also faced charges of harassment and other nuisance offenses for public disputes he got into with the bank and its employees, which demonstrates the complex and sometimes problematic emotional impact whistleblowing can have on people and their relationships with their ex-employers and ex-colleagues. In 2016, Julius Baer settled a deferred prosecution agreement, related to aiding US citizens in the commission of tax evasion, with the US Department of Justice for $547 million. For more information on this, check out this Forbes article from 2016.
  • Everett Stern, HSBC: Everett Stern worked for HSBC Holdings PLC in their Delaware office. He was a compliance officer focusing on monitoring HSBC’s transactions in the Middle East for anti-money laundering purposes. In 2010 and 2011, Stern flagged many transactions he believed could be related to terrorist financing, but his supervisors did not take action on his reporting. He then disclosed his evidence to the FBI and the CIA, kicking off an investigation that uncovered further issues in the bank’s operations in Mexico, Iran, and North Korea also. This culminated in a December 2012 deferred prosecution agreement where HSBC paid a $1.92 billion fine for its insufficient anti-money laundering controls. Stern left HSBC in 2011 and now runs his own private intelligence firm. For more on the money laundering and sanctions accusations against HSBC, read this 2012 article in The Guardian: https://www.theguardian.com/business/2012/dec/11/hsbc-bank-us-money-laundering
  • Richard Bowen, Citigroup: Richard Bowen was a senior executive at Citigroup in the period leading up to the 2008 global financial crisis. He was the chief underwriter of the Consumer Lending Group unit, and in this capacity he was responsible for evaluating and maintaining the creditworthiness of the unit. From June 2006 on, Bowen warned the board of directors of Citigroup about major issues in the risky mortgages being bought and sold by the unit. Bowen reported evidence to the board that many of these mortgages were defective, fraudulent, or both. Despite Bowen’s weekly warnings via required reporting throughout 2006 and 2007, the board did not take action. Bowen requested outside investigations of the Consumer Lending Group unit which substantiated his reports and showed that the unit had been operating with insufficient controls against these risks since 2005. This information should have been provided to shareholders per the Sarbanes-Oxley Act, but it was not, despite the fact that the bank claimed compliance with the Sarbanes-Oxley Act during this period. In exchange for his whistleblowing, Citigroup took away most of Bowen’s responsibilities and eventually fired him. Bowen offered crucial testimony to the Financial Crisis Inquiry Commission in 2010. He is now a motivational speaker on ethical leadership and corporate culture within the banking industry. For a look at what happened to Richard Bowen after he blew the whistle on Citigroup, check out this New York times article from 2013.
  • Antoine Deltour, PricewaterhouseCoopers: Antoine Deltour was a French employee of PricewaterhouseCoopers who was involved in providing information to the press related to tax rulings in Luxembourg for multinational companies. The documents became known as the Luxembourg Leaks and were the focus of a global investigation conducted and published by the International Consortium of Investigative Journalists. The investigation showed that PwC and other major accounting firms were facilitating registration in Luxembourg by multinational companies in order to benefit from advantageous tax rulings for revene reallocation. The legality of these practices is questionable on a number of grounds, including anti-trust, market abuse, and tax deals as illegal state aid. As a result of the disclosures, Deltour and his fellow PwC employee who also released documents, Raphael Halet, received prison sentences (later changed to suspended or overturned) and fines, but have also received a lot of credit for helping to shed light on the secretive practices surrounding these Luxembourg tax rulings and brought greater attention to the need to identify and prevent state-sponsored tax avoidance and evasion. In this sense, like the Julius Baer case, the whistleblower helped to ignite an open dialog about whether banking secrecy laws serve the public interest. For more on this sentiment, check out this piece about the role of citizens in holding the EU accountable.

Individuals like the above speaking up about misconduct they suspect or observe in the financial services industry have brought much-needed exposure and change to business practices. They have also often been punished, fired, criticized, or doubted for their bold decision to expose wrongdoing by their employer and/or colleagues. The 2009 US Dodd-Frank Wall Street Reform and Consumer Protection Act, which was intended to promote transparency and prevent fraud in the financial services industry, now prohibits retaliation against whistleblowers and expands the powers of the Securities and Exchange Commission in order to provide for other protections and rewards for whistleblowers who speak up about corporate malfeasance. Nonetheless, whistleblowers in the US continue to face retribution for their actions, and in Europe they remain open to legal liability in addition, as their disclosures break laws that some may say are designed to enable the concealment of other fraudulent or illegal practices.

Check back next week, Tuesday November 7, for the second post in this series of three about whistleblowers in historical events. Next Tuesday’s post will discuss individuals who exposed fraudulent business practices in the pharmaceutical industry.

Interesting cases of retractions by scientific journals from Retraction Watch

Retraction Watch is a blog that started in 2010 with the objective of publicizing, studying, and contributing to the investigation of retractions in scientific journals of academic research and writing. The validity of academic papers is often held to a vaulted status because of the famed system of vetting through peer review and editorial boards before publication. Identifying mistakes in this context, then, whether through inadvertent technical errors, minor or major, or some intentional misrepresentation or fraudulent conduct, is an interesting and necessary practice in order to uphold academic integrity.

Hundreds of these retractions, many minor but some major or related to malfeasance, occur per year. Thorough investigation and discussion of these issues is important for creating and upholding high standards for integrity for all involved parties – researchers, their communities, the journals where they publish, the academic and general media, and supervisory bodies which are charged with oversight responsibilities over them all.

  • Insufficient controls in review process – “The Case for Colonialism,” Third World Quarterly (2017): This article, by Bruce Gilley, a political science professor at Portland State University, intended to position the history of Western colonialism as basically a reputational problem. This perspective is rooted in a view that said Western colonialism was generally helpful to and necessary for indigenous peoples. Early defences of the publication were on the grounds that the journal does not want to stifle pieces because they are controversial. In response to the publication of this article and the protest provoked by it, fifteen members of the editorial board of Third World Quarterly have now stepped down. Their letter of resignation cites concerns about the peer-review process which they believe that the article did not pass procedurally or substantively. Their criticism was not levelled with the goal of restricting free speech but rather in interests of upholding a high academic standard and honesty in the process.
  • Privacy and consent – “On Separating One from the Other: Images of a Developing Self,” British Journal of Psychotherapy (2016): By nature, articles in medical journals contain very sensitive information about people. As their experiences they had as patients are turned into observations about subjects, does the reasonable expectation of privacy shift at all? Of course, inherent in publishing an article is making the information in it public. People may be okay with having their private clinical information anonymized and shared with the noble objective of contributing to science, but comfort levels with that may change depending on the audience. Patient privacy expectations differ if the publication is available to professionals only or if it may be accessed or shared by anyone, including the public. 
  • Failure to disclose conflict of interest – “Prognostication of Uveal Melanoma: A Work In Progress,” JAMA Ophthalmology (2016): Funding of research and improper disclosure of conflicts of interest related to it is an ongoing concern in many academic areas. For example, it has been suggested that one of the root causes of the 2008 global financial crisis is that economists and other academics writing and speaking publicly made inaccurate or misleading assertions about the health of the global economic system that were motivated by their (unreported) ties to corporate or political entities. Similarly, in scientific research papers reporting on the efficacy of medical treatments and even sometimes recommending specific therapies, may have been funded by pharmaceutical industry entities, raising reasonable questions about the veracity of the papers when the author does not disclose this potential or perceived conflict of interest.   
  • Code of ethics for editorial boards – rejecting papers for ethical concerns (2016): Journals receive submissions which describe work that has already been done, presumably with the permission of the appropriate supervisory authorities when necessary, but sometimes editorial boards may still have lingering “right or wrong” concerns about the work considered or methods used. Journals do not have a universal standard on their handling of articles that are connected to projects that had harmful or destructive methodologies in gathering their data. Some journal representatives feel that the burden does not lie on the journal to retroactively judge the assessment of the supervisory bodies approving and overseeing the research studies. Others feel journals have a moral imperative to set their own progressive standards for ethics in research. 
  • Scientific misconduct – handling of unethical behavior (2011): In some cases a long history of unethical practices emerges in the investigation of research methods for possible retraction of scientific papers. Frank Sauer, a biochemist at University of California Riverside, was accused of misconduct via an anonymous e-mail. The subsequent investigation led to the retraction of numerous papers and the discovery that he had intentionally edited or falsified images used in his work. The university found that some of this behavior was negligent whereas other misconduct was intentional. In this case the investigative committee did not recommend that Sauer be fired but rather go through a variety of other punishments including a publishing ban, freezing merit pay raises, and remedial ethics training. 

Reporting work like that of Retraction Watch helps to show a rare view of this part of the academic process as well as shed light on the outcome of public- or investor-funded research that sometimes may end up discredited due to fraud or misuse of said funds. Disclosing and investigating these practices can be important in raising the standards of not only research itself where needed but also the vetting of work and investigation of possible improprieties to the benefit of the public and other members of the academic research community.

The Madoff Ponzi scheme scandal

For more than 40 years, Bernie Madoff was one of the most prominent figures in the US financial services industry.   His trading firm, Madoff Securities, was founded in 1960 and due to its early adoption of then cutting-edge technology quickly became one of the major market makers in the business. The firm’s technology that it participated in creating later became the NASDAQ trading exchange. Apart from its brokerage business, Madoff Securities also offered investment management and advisory services to many prominent clients. These included banks such as Banco Santander, HSBC, RBS, and BNP Paribas; hedge funds; university endowments; charitable organizations; and famous individuals such as Steven Spielberg, Zsa Zsa Gabor, Sandy Koufax, and Elie Wiesel.

Madoff himself was very well-known in the securities industry. He was on the board of directors of the Securities Industry Association (SIA), the predecessor to the Securities Industry and Financial Markets Association (SIFMA), and served as chairman of SIA’s trading committee. He was also active in the National Association of Securities Dealers (NASD), the self-regulatory organization (SRO) for brokerage firms and exchange markets that predated the Financial Industry Regulatory Authority (FINRA), and served on the board of directors of the SRO, for a period even as its chairman

This last professional designation for Madoff seems ironic now. In reality, Madoff’s investment management business was revealed in December 2008 as a $65 billion Ponzi scheme, the largest financial fraud in US history. This massive fraud was carried out by Madoff and a close group of associates right alongside his legitimate brokerage business and taking full advantage of his huge network of investors and prominent reputation in the industry. In the scheme, trades and returns were completely fabricated and investor redemptions were funded by new infusions from individuals that Madoff aggressively pursued, touting his performance.

Despite numerous SEC investigations of various areas of Madoff’s business, and several outside analysts publicizing urgent and detailed concerns about the business and its purported performance claims which could not be replicated for authentication purposes, this scheme continued unmitigated for at least 15 years, per Madoff’s admission. It may have gone on for as long as 30 years, back to the very beginning of the investment advisory arm of Madoff Securities.

Madoff struggled to keep the fraud going as the global financial crisis caused the markets to contract throughout the fall of 2008, and investors sought redemption. Still, he managed to stay afloat until December 2008, when his sons, Mark and Andrew, confronted him about bonuses he wished to pay amid the mounting investor redemptions. Madoff confessed to his sons that the investment management business was a fraud, and his sons then reported him to law enforcement. In the subsequent months the shocking scale of his fraud and the losses it caused became the subject of public fascination.

For interesting insights on the fraud and scandal surrounding Bernie Madoff’s Ponzi scheme to defraud investors, check out these videos:

  • The Madoff Affair – An episode of the PBS documentary program Frontline from May 2009, when the complete scope of the scandal was still being discovered, which aims to tell the story of the fraud from the beginning and question how it was able to go on for so long.

 

  • The Man Who Knew – This March 2009 60 Minutes segment features Steve Kroft interviewing Harry Markopolos of Rampart Investment Management. Markopolos was a vocal critic and doubter of Madoff’s claimed investment returns. He attempted to alert the SEC on a number of occasions to the fraudulent practices he believed he had discovered in his study of the alleged performance of Madoff Securities, but he was ignored or his claims were not thoroughly investigated.

 

  • Ripped Off: Madoff and the Scamming of America – This is an April 2009 which looks at Bernie Madoff’s fraud in comparison with other Ponzi Schemes of the prior hundred years. With this study, the investigation assesses the magnitude of the damage Madoff’s scheme caused and places it in context of the global financial crisis which was beginning to deepen at the end of 2008.

 

  • The Hunt for Madoff’s Money– This February 2009 segment from the ABC news program 20/20 asks where the money that Madoff defrauded from his investors went, other than fund withdrawals by others’ withdrawals. The investigation looks at the luxury lifestyle and properties of Madoff and his family members and associates that were enriched by his fraudulent investment management scheme.

 

 

  • Madoff Victims on Guilty Plea – In this March 2009 report from CBS News, nine people who lost their investments in Madoff’s Ponzi scheme speak to Katie Couric about their reactions to the exposure of the massive fraud and his guilty plea that resulted in him being sentenced to 150 years in prison without standing trial.

Compliance lessons to learn from the 2017 Equifax cybersecurity breach

Equifax is one of the major US-based consumer credit reporting agencies. It operates globally and due to their nature of its business, maintains sensitive and personal information on more than 800 million individuals and more than 80 million organizations.

In September 2017, Equifax announced that it had experienced a cybersecurity intrusion in July 2017 which impacted the data of up to 200 million consumers from the US, Canada, and the UK. The handling of this breach by Equifax was widely criticized and questioned. Among the controversial aspects of it were the two month delay in publicizing it, the lack of specific information about the data compromised, the inadequate and possibly even unsafe system and support provided for impacted consumers, and the perception of possible insider trading by company executives in the days after the breach took place but before it was public.

As the problematic response to this cybersecurity incident unfolded, Equifax’s various blunders and missteps in the public handling of the situation formed a guide for worst practices in such a scenario. As the dialog around Equifax’s response has shown, poor crisis management in the public eye only compounds the consumer protection problems.

  • Companies do often have legitimate reasons for delaying notifying consumers, regulators, and the public at large about data breaches. Sometimes companies do not even know they have been breached right away. Even once they are aware, sometimes law enforcement will request that they do not disclose the breach. Different types of data may be subject to different disclosure requirements, so companies also sometimes have to take time to determine what data was involved. However, these delays still can be very problematic for consumers, who can be unknowingly at risk and make assumptions about the seriousness with which their data is stored and maintained which might be very far from reality.  Why it can take so long for companies to reveal their data breaches 
  • While Equifax was taking its time notifying consumers and regulators of the data breach, questions abound about when – and what – people on the inside knew about it. This is because only a few days after the July 29 cybersecurity intrusion, on August 1 and August 2, several executives at Equifax sold shares. These transactions were not part of scheduled trading plans, but they were not total liquidations of their positions, and the company says that the executives were unaware of the breach at the time of the trades. However, the perception of possible insider trading is hard to avoid once the timing of this activity is revealed. If they truly did not know about the cybersecurity problem, it would have been wise at least to inform key senior management of the breach and advise them to avoid trading in the stock while in possession of inside information.  Three Equifax Managers Sold Stock Before Cyber Hack Revealed
  • Despite how secret most people in the US see their financial data as being – especially social security numbers and bank account or credit card information – current privacy laws are lacking in many key areas when compared to those in other parts of the world such as the EU. Top of mind among privacy concerns, including the need for consumers to input personal data to check whether their other personal data has been compromised, is that over a month went by before Equifax notified the public of the cybersecurity incident at all. In the 40 days that went past, the data could have been used for many illicit purposes without consumers even being aware they were at risk. Laws in the US currently differ between states with regards to breach notification requirements. There is no unifying directive in the US for the standard where personal data is concerned, such as there will be next year in the US under the General Data Protection Regulation, which requires notification within a maximum of 72 hours. Perhaps a higher standard in the US such as this one would reinforce seriousness of these events to organizations and improve consumer protection and communication processes when they occur.  Equifax breach disclosure would have failed Europe’s tough new rules
  • While these data breaches are unfortunately becoming so common that the public is often less alarmed by them now than in the past, irresponsible or insufficient responses by organizations to these breach still provoke justifiable outrage and calls for change. Consumers being desensitized to the exposure of their personal data just shows how widespread the problem is and how insufficiently the interests of the consumers are guarded. However exhausted the public may seem to be with the ongoing leaks and hacks of their private data, this is no excuse for organizations affected by them to respond with the same passive, indifferent attitude. Equifax’s lack of detail and inadequate communication displayed to the public that they did not care about the invasion consumers were suffering, which is quite a different message than one of fatigue by victims who have had this experience too many times to excuse. The reputational risk suffered by such corporate carelessness is extreme, and hopefully will drive consumers to advocate for a higher standard of responsibility and responsiveness from keepers of consumer data.  The Banality of the Equifax Breach
  • As the public contends with the reality of the Equifax data breach – that subsequent hacking attempts stemming from this breach are inevitable and that companies like Equifax do not meet the standard of care for protecting this private information in their possession – what can anyone do in the future? Holding companies accountable for their poor service by taking their business elsewhere is often the only choice consumers have to voice their displeasure. In the current system individuals aren’t really able to avoid the consumer credit reporting agencies, but organizations could opt to create and use independent systems with more secure infrastructures. These corporate users could drive a technological shift that would also benefit individual consumers. Blockchain and related technologies could provide the solutions to these vexing and chronic security concerns that the existing system seems unable to address.  It’s time to build our own Equifax with blackjack and crypto

Given the ever-increasing risks surrounding cybersecurity, compliance professionals and individuals interested in cybersecurity risk management can take many cues from the above on what not to do in such a situation from Equifax. Hopefully as organizations continue to live with the risk of such intrusions, and improve their control frameworks to prevent and mitigate them, they also pay attention to the public responses in such situation, to make sure that the statements made and guidance provided are adequate and accurate.