Threat Sheet—Saturday, October 3, 2015


October marks a favorite national holiday—holimonth?—of mine. It’s cybersecurity awareness month. Didn’t you know?

Sponsors of the U.S. Department of Homeland Security-promoted series of events devote themselves to putting cyber risks and responsibilities on the radar of computer users everywhere. Speaking of which, if you’ve been checking up on the Doppler radar, as I have, every couple of hours this weekend, you’ll notice that the weather perfectly sets the scene for this observance. You can witness the gloom descending, reaching its dew point, as the rain-soaked winds of Hurricane Joaquin bear down on the east coast. What could be more apropos?

Cue hackers. Now in its twelfth year, the threat-themed month has already started out with a bang. Barely a few of days have passed and we’ve already seen a number of data breaches. The financial industry trade group American Bankers Association, the crowdfunding site Patreon, and the retail brokerage Scottrade—hacked, hacked, hacked. The usual, really.

One compromise that really caught peoples’ attention, however, was the breach of a computer server at the credit reporting agency Experian. Thieves absconded with Social Security numbers and other personal information for as many as 15 million consumers, including T-Mobile service applicants. All are now at risk of having their identities stolen.

It’s been something else to watch T-Mobile CEO John Legere flail in his attempt to maintain the public’s good will in the face of the breach. Many have ridiculed, rightfully so, the company’s decision to offer two years of free credit monitoring to its victims through the very same company that suffered the breach: Experian. (Seriously. You can’t make this stuff up.)

In spite of that glaring blunder, Legere has taken some admirable actions: posting notices and interacting with the public—as well as his critics—via Twitter. A Forbes writer recently praised Legere for his management of the crisis, saying: “The best thing a company can do after an attack is act like they care.” I’m not sure I fully agree—there are items of more consequence than this on the executive To Do list. But telling people you’re “obviously” and “incredibly angry” is nice, sure.

My advice: Pick a different credit monitoring vendor for the aftermath. Anyway, happy cybersecurity awareness month, dear readers. As for me, I remain on flood watch.

(Oh, and a hat tip to the cyber muckraker Brian Krebs. This newsletter’s subject line appropriates the lede from his Scottrade data breach story, which he published on Friday. Thanks, Brian.)

Robert Hackett


Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, or however you (securely) prefer. Feedback welcome.


Experian data breach affects T-Mobile customers. Hackers of the credit reporting agency have stolen the personal information of 15 million consumers off one of the company's servers. T-Mobile, a client of the firm, offered victims of the breach two years of free credit monitoring from—who else?—Experian. (Fortune)

Scottrade, American Bankers Association, Patreon—all hacked. Just the nation kicks off its annual cyber security awareness month, a number of organizations have announced that they've been digitally pillaged. If history is any example, expect more to come. (Fortune, Fortune, Ars Technica)

Snowden joined Twitter. The NSA mega-leaker officially joined the micro-blogging network on Tuesday. His first public conversation was with astrophysicist Neil deGrasse Tyson. (Fortune)

CIA withdrew officers from China after OPM breach. In the wake of a data breach at the federal Office of Personnel Management (the government's HR agency), the Central Intelligence Agency pulled undercover staff from Beijing. The agency feared that the Chinese government would discover the identities of its secret agents. (Washington Post)

Hackers sent phishing emails to Hillary Clinton. As part of a newly released set of emails from the presidential hopeful's private server, messages from spammers were discovered. They took the form of fake speeding tickets. (Fortune)

Tanium raised more money. The world's hottest cybersecurity startup raised an additional $30 million as part of its last funding round. That bring's the company's total venture capital funding to about $300 million. (Fortune)

Okta plans to go public next year. The identity and access management startup seeks to go public in about nine months. CEO Todd McKinnon said he's planning on an IPO next summer. (Recode)

Apple patches operating system flaw. The latest iOS 9.0.2 update fixes a bug that allowed anyone to bypass the phone's lock screen using Siri. The trick let anyone have access to an iPhone's photos and contacts. (ZDNet)

Share today's Data Sheet with a friend:

Looking for previous Data Sheets? Click here.


Fortune contributor Clay Dillow explains why defense budget restrictions on Russian rocket engines could be bad news for Boeing and Lockheed Martin—and good news for SpaceX.

"While SpaceX’s Falcon 9 rocket remains sidelined following a launch failure in June, United Launch Alliance—a joint-venture between Boeing and Lockheed Martin—has won an $882 million contract to send military and intelligence satellites into orbit for the U.S. Department of Defense in fiscal 2016. However, in a separate development on Tuesday Congress released a new version of a proposed $612 billion 2016 defense budget that could restrict ULA’s access to the rocket engines it needs to power its Atlas V rockets, the most commonly-used launch vehicle in ULA’s fleet. That could put the company in a serious bind beyond 2016 as the company scrambles to develop and certify an entirely new rocket (and rocket engine) that can help it fend off competition from SpaceX and other potential newcomers to the space launch market." Read the rest on


Password nihilism. "When did you stop trying?" (McSweeney's)

Final Spectre trailer. Bond's most expensive mission. (, Fortune)

Smartphone porn preferences. We're unsure about Blackphone users... (Fortune, Vice Motherboard)

Jeb Bush: A "cyber-weenie"? (Errata Security)

Introducing ben-ware. Benevolent malware. (Forbes)


Can Jack Dorsey be the CEO of two public companies? by Leena Rao

Google's self-driving cars are coming sooner than you think by Doron Levin

Why cloud users should care that Amazon just kicked Apple TV to the curb by Barb Darrow

Frackers could soon face mass extinction by Stephen Gandel

Chick-fil-A will find mega success in NYC (whether you like it or not) by Daniel Roberts


What do you feed the Pope? Try buratta, poached lobster, and, of course, angel cake. (Fortune)


"Can you hear me now?"

NSA secret-leaker Edward Snowden, posting his first tweet to a publicly verified account in his name on Twitter this week. The line is likely a joking nod to the tagline of "the Verizon guy," a former spokesman for the telecom giant, who often appeared in the company's commercials. You can keep tabs on Snowden by following @Snowden. (Fortune)


Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward