Should hacked companies publicize their losses?
When hackers crack into a Fortune 500 company, they’re usually not there to post funny cat pictures on the servers. With proper skills and timing, the right group of hackers can steal millions of dollars worth of intellectual property and sideline billion-dollar business deals. What’s even more impressive is that they can usually do so without the company even realizing that data have been compromised. But when firms do know, they probably feel a little bit silly and they often sweep all of the evidence under the rug when it comes time to make disclosures to their shareholders about what’s been happening at the company. By law, they don’t have to say a word about hacker attacks, regardless of how much it might’ve cost their bottom line.
Take Coca-Cola, for instance. This week, Bloomberg dug up the details of what might’ve been a catastrophic hack at Coca-Cola back in 2009, when the sugar water dealer was in the final stages of acquiring China’s Huiyuan Juice Group for $2.4 billion. The deal was first announced on September 3, 2008, and at the time, deputy president of Coca-Cola’s Pacific Group Paul Etchells said he was confident that Chinese anti-trust officials would give the acquisition the go-ahead. A State Department cable obtained and released by WikiLeaks shows that Coke met with China’s Ministry of Commerce a dozen times and with regulators 18 times. Then the hackers showed up.