The thing that really sucks for the TV show is that it wasn't even their own employee. It was an employee for their data hosting company. You know... the guys who you're supposed to outsource to to make sure that this stuff doesn't happen.
Unless "back up our data" is part of the hosting contract, the host is off the hook.
There's up to two fools here:
- If the hosting company does not have a disclaimer in their contract that the data backup onus is not on them, then they deserve to be sued for all they got.
- The TV producer should keep their own backup. Trusting a third party blindly with your most precious data is simply stupid, and unworthy of anyone involved with IT in this day and age. I would back up data even if the host did have a contractual obligation to back up my data. Shit happens, it's not a matter of "if", but of "when".
Surely the data company has redundancy or backups or data recovery software available? Surely they considered the risk of a staff member deleting copies / a hacker / a fire.
Surely the producers have at least working copies somewhere (I can't see people live-editing on a cloud server). Surely they considered the risk of the company going bust / data loss / their own staff deleting the copies.
Would assume this was an April Fools thing it's that bad (except for the fact it quite obviously isn't due to the quite obvious reputation damage that will effectively destroy this company).
>"According to a lawsuit that was filed last week in Hawaii District Court, a man named Michael Scott Jewson was terminated from CyberLynk. From his parents' residence, he allegedly accessed CyberLynk's data and intentionally wiped it out. Jewson is alleged to have been charged in February with a federal computer crime violation and admitted his guilt in a plea agreement.
The data breach allegedly knocked out 6,480 WER1 electronic files, or 300 gigabytes of data, comprising two years of work from hundreds of contributors globally, including animation artwork and live action video production."
These sort of reports often over do it with the use of "allegedly" as an attempt to mitigate any libel claim.
"Jewson is alleged to have been charged"
Surely it's a matter of record whether he was charged. If the reporter can't even confirm this then they don't have a story.
"The data breach allegedly knocked out 6,480 WER1 electronic files"
Again they don't need that "allegedly", it's presumably a reported fact, the allegation they have to be wary off is the one that says the person responsible.
While I agree with you on your first point (that the reporter shouldn't have to use the word "allegedly" if he/she can confirm the man was charged), personally, I think using allegedly in the sentence about the files being knocked out is warranted. "The data breach" is referring to the data breach the man *allegedly carried out.
TV news reporters != attorneys. So when in doubt, attribution is your best friend.
(Warning anecdotal evidence)
Having worked in China on a number of startups and worked alongside people who have had to fire employees, it's often common practice to just lock fired employees out of their systems. I've had this happen to people I know and had to do it once when letting a programmer go (which is nearly impossible to do after a probationary period due to the labor laws in the country, it's very very difficult to fire somebody, the company has to provide reason, pay social benefits, or face the employee in a court--forget it if you're a foreign company).
I have heard stories of letting people go to find out that all of the work that employee did for the last month or two deleted, source missing, machines just wiped clean.
I read that title and kind of laughed because, well, it is a seemingly commonplace response in some parts of the world.
In my case I gave a months notice I was resigning and was locked out immediately. Imagine how much it sucks to come into work everyday with nothing to do except go to lunch. When I wasn't offering the other developers advice on the code I had worked on or APIs I was familiar with I was just shooting the breeze.
This was the hole in the policy. It was designed to keep disgruntled employees from damaging the system but the ones leaving on good terms were treated exactly the same.
This is one thing which can happen when you put all your data into "the cloud" and hope for the best. One risk which any business has to take into account is the possibility of a rogue employee or ex-employee running amok. Putting all your eggs (or data) into one basket, especially when that basket is administrated by people who don't particularly care either way what happens to your business, may not be the wisest strategy.
I assume this is them: http://www.cyberlynk.net/ with the late 90s "new" graphic against off-site data backup. I hope the show producers sue someone, either Cyberlynk if they claimed they did redundant backup or their IT guy/company for setting them up with such a bum deal.
That employee may be going to jail, but it's not his fault that this happened. If your fired employees have access to your servers, you fucked up the firing horribly. Similarly, if one data center going offline can take out your entire season of work, perhaps you need to learn what redundancy is.
This is wrong; and is a class of error which I see frequently, especially in political comment; both from the left and the right.
The underlying incorrect assumption is that responsibility is mutually exclusive.
In many cases, responsibilities are divided cleanly between people, but this is an organisational convenience, not a moral law. There are cases where it is inescapable that more than one person has the same responsibility. Consider an army sargeant: he may assign a task to a soldier, but still has the responsibility for seeing that it is done. This is true for all leadership positions.
Much political discourse revolves around who has responsibility, and frequently one sees it argued that A is not responsible because B is, often in cases where this is incorrect. Eg, employer versus employee, individual versus government, etc etc.
The error is made in both directions, depending on the political beliefs of the arguer: an individual is not responsibly because the organisation is, or the organisation is not responsible because the individual is..
A particularly dumb one, in my opinion, is the argument that government is not responsible for something, because individuals are. In my view, all the valid responsibilities of government are derived from responsibilities of the individual: the responsibility to defend the nation is derived from the individuals responsibility to protect him/herself and family, etc.
I really don't get this philosophy. I've seen this a lot recently in various discussions on HN, and I'm honestly dumbfounded. How do you justify this line of thought, that negative action against someone, done deliberately, is not the perpetrator's fault?
I mean this completely academically, so please don't take it as an insult (I'm genuinely curious) - but was this perspective something you were raised with or did this develop out of experience / general personal exploration of the world?
I wouldn't say that it's not the employee's fault, but if you are suggesting that it's other peoples' fault as well, I'd definitely agree. In an incident like this a lot of people have to have been very negligent.
Somewhat different situation, but after having quit one a Silicon Valley startup after its acquisition, I still have access to a lot of its network. I'm sure it's a common occurrence. Shutting people completely out of a network is really hard, where there are so many different accounts to close. (Unix access on all boxes, mysql, cms, email, bug-tracking, apple dev accts, irc, support forums, etc. etc.) Especially doing so without deleting data (which you might need in the future, to check on something that the employee worked on, or an old email containing documentation, etc…)
Rather, I think the issue is the lack of a good backup strategy. Off-site, automated backups should have been in place. I've seen someone `rm -rf /var/mysql` and, after a heart attack, recover it. Your system should be rm-proof!
You judge without knowing enough details to do so. For all we know, the contract with the data center may have included regular backups, including off-site backups. In such a case, as a company, you've done everything you could and should have and the data center is entirely to blame, if the employee managed to destroy the backups as well.
This is surprising, it would be like sitting my web apps code/ database on one live server without a local copy, and possibly multiple backups elsewhere. How can a TV production company justify this? I mean it would cost just about nothing relative to production costs to put 300gig on S3.
You're assuming that the production company can afford to have someone around who knows how to put data on S3. My guess is that they outsourced this to the company who had the fired employee. Still, they should still have some kind of original files on some other medium somewhere... but who knows, maybe their production workflow revolved around this data-host. In which case they are really borked.
[+] [-] mbreese|15 years ago|reply
[+] [-] jrockway|15 years ago|reply
Actually, outsourcing is designed to be cheap, not to lower risk. Trusting the lowest bidder to an important task usually results in disappointment.
[+] [-] d2|15 years ago|reply
[+] [-] gm|15 years ago|reply
There's up to two fools here:
- If the hosting company does not have a disclaimer in their contract that the data backup onus is not on them, then they deserve to be sued for all they got.
- The TV producer should keep their own backup. Trusting a third party blindly with your most precious data is simply stupid, and unworthy of anyone involved with IT in this day and age. I would back up data even if the host did have a contractual obligation to back up my data. Shit happens, it's not a matter of "if", but of "when".
[+] [-] alexqgb|15 years ago|reply
[+] [-] maushu|15 years ago|reply
[+] [-] nopassrecover|15 years ago|reply
Surely the producers have at least working copies somewhere (I can't see people live-editing on a cloud server). Surely they considered the risk of the company going bust / data loss / their own staff deleting the copies.
Would assume this was an April Fools thing it's that bad (except for the fact it quite obviously isn't due to the quite obvious reputation damage that will effectively destroy this company).
[+] [-] pbhjpbhj|15 years ago|reply
The data breach allegedly knocked out 6,480 WER1 electronic files, or 300 gigabytes of data, comprising two years of work from hundreds of contributors globally, including animation artwork and live action video production."
These sort of reports often over do it with the use of "allegedly" as an attempt to mitigate any libel claim.
"Jewson is alleged to have been charged"
Surely it's a matter of record whether he was charged. If the reporter can't even confirm this then they don't have a story.
"The data breach allegedly knocked out 6,480 WER1 electronic files"
Again they don't need that "allegedly", it's presumably a reported fact, the allegation they have to be wary off is the one that says the person responsible.
This really annoys me, allegedly.
[+] [-] ubuntuftw|15 years ago|reply
While I agree with you on your first point (that the reporter shouldn't have to use the word "allegedly" if he/she can confirm the man was charged), personally, I think using allegedly in the sentence about the files being knocked out is warranted. "The data breach" is referring to the data breach the man *allegedly carried out.
TV news reporters != attorneys. So when in doubt, attribution is your best friend.
[+] [-] trafficlight|15 years ago|reply
[+] [-] Retric|15 years ago|reply
[+] [-] sabalaba|15 years ago|reply
I have heard stories of letting people go to find out that all of the work that employee did for the last month or two deleted, source missing, machines just wiped clean.
I read that title and kind of laughed because, well, it is a seemingly commonplace response in some parts of the world.
[+] [-] yardie|15 years ago|reply
This was the hole in the policy. It was designed to keep disgruntled employees from damaging the system but the ones leaving on good terms were treated exactly the same.
[+] [-] motters|15 years ago|reply
[+] [-] scythe|15 years ago|reply
http://worldbackupday.com/
[+] [-] pinwale|15 years ago|reply
[+] [-] hartror|15 years ago|reply
[+] [-] r00fus|15 years ago|reply
[+] [-] famousactress|15 years ago|reply
[+] [-] MichaelApproved|15 years ago|reply
It wasn't all their data but enough to make what was left unusable.
[+] [-] dhughes|15 years ago|reply
[+] [-] dschobel|15 years ago|reply
Because there are many terms for that particular personality type, none of them flattering.
[+] [-] jrockway|15 years ago|reply
[+] [-] ajb|15 years ago|reply
This is wrong; and is a class of error which I see frequently, especially in political comment; both from the left and the right.
The underlying incorrect assumption is that responsibility is mutually exclusive.
In many cases, responsibilities are divided cleanly between people, but this is an organisational convenience, not a moral law. There are cases where it is inescapable that more than one person has the same responsibility. Consider an army sargeant: he may assign a task to a soldier, but still has the responsibility for seeing that it is done. This is true for all leadership positions.
Much political discourse revolves around who has responsibility, and frequently one sees it argued that A is not responsible because B is, often in cases where this is incorrect. Eg, employer versus employee, individual versus government, etc etc.
The error is made in both directions, depending on the political beliefs of the arguer: an individual is not responsibly because the organisation is, or the organisation is not responsible because the individual is..
A particularly dumb one, in my opinion, is the argument that government is not responsible for something, because individuals are. In my view, all the valid responsibilities of government are derived from responsibilities of the individual: the responsibility to defend the nation is derived from the individuals responsibility to protect him/herself and family, etc.
[+] [-] firemanx|15 years ago|reply
I mean this completely academically, so please don't take it as an insult (I'm genuinely curious) - but was this perspective something you were raised with or did this develop out of experience / general personal exploration of the world?
[+] [-] swift|15 years ago|reply
[+] [-] uptown|15 years ago|reply
[+] [-] SeoxyS|15 years ago|reply
Rather, I think the issue is the lack of a good backup strategy. Off-site, automated backups should have been in place. I've seen someone `rm -rf /var/mysql` and, after a heart attack, recover it. Your system should be rm-proof!
[+] [-] ericd|15 years ago|reply
[+] [-] Confusion|15 years ago|reply
[+] [-] jemfinch|15 years ago|reply
[+] [-] robryan|15 years ago|reply
[+] [-] mbreese|15 years ago|reply
[+] [-] shadowpwner|15 years ago|reply
[+] [-] Gorm-Casper|15 years ago|reply
[+] [-] Splines|15 years ago|reply
[+] [-] daemin|15 years ago|reply
[+] [-] tlrobinson|15 years ago|reply
[+] [-] dzorz|15 years ago|reply
[+] [-] ctdonath|15 years ago|reply
[+] [-] monological|15 years ago|reply