Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
MasterCard Says Moral And Ethical Pillar Nike Reconfigured Its Network Using "Confidential Information"
15 views
Skip to first unread message
Julius
May 1, 2015, 4:54:36 AM5/1/15
to
MasterCard International Inc. filed new charges in its breach of
contract lawsuit against Nike Inc. and two former information
security employees, claiming ongoing IT damage at the credit
card company.
Among the new allegations, MasterCard says its former CISO,
William Dennings, “reconfigured Nike’s network to resemble that
of MasterCard using MasterCard’s confidential information,”
according to an amended complaint filed last Thursday. Mr.
Dennings and other former employees, who also joined Nike in
2013, “induced suppliers…to divert resources” from MasterCard,
according to the documents. That includes vendors that provide
incident response to “MasterCard’s emergency needs.” Additional
harms include “increased time and money to complete projects
[and] foregoing projects that no longer were capable of being
completed on a timely basis,” the amended suit claims.
MasterCard has demanded at least $5 million in damages.
In January, MasterCard sued Nike, Mr. Dennings and another
former security manager, Ryan Fusselman, charging that, with
Nike’s help, the individuals violated confidentiality and non-
solicitation agreements, as CIO Journal reported. The amended
complaint adds details about the colleagues allegedly lured away
– eight key employees in MasterCard’s 135-member information
security department.
Nike denied the original and new charges. “Nike has investigated
the claims brought by MasterCard, including those newly raised
in their amended complaint, and we believe that our employees
acted appropriately and the allegations are without merit,” a
company spokeswoman said in an emailed statement. MasterCard, in
a statement, said the “amended filing clarifies the violation
of non-solicitation and non-disclosure obligations of two former
employees.” The credit card company said Nike worked with the
employees “to solicit and hire seven more information security
employees from MasterCard in a span of just six months.”
The suit highlights a fight for scarce security talent as hacks
and breaches intensify. This case is unusual because such
disputes are rarely public or as acerbic, said Jim Lewis,
director and senior fellow at the strategic technologies program
at the Center for Strategic and International Studies.
Experienced information security professionals are lured
frequently to new jobs, Mr. Lewis said. “It’s usually more
fraternal among CISOs. They have generally cooperative
relationships because they never know who they have to work with
when they have a threat,” he said.
MasterCard’s allegation that resources at emergency response
vendors have been diverted is important, said Alan Paller,
director of research at SANS Institute, a security research
group. Companies build relationships with incident response
experts so that when a breach happens, help is quick and
effective, Mr. Paller said. “Once you lose that relationship,
you have to recreate it. It’s hard to do at the moment you’re
under attack,” he said.
In alleging that the two companies’ networks are now similar,
MasterCard appears to be trying to bolster its original claim
that the former employees used confidential MasterCard
information in their new positions at Nike, said an attorney who
specializes in data security cases who asked not to be named.
An unintended consequence may be that both companies might be
more vulnerable to hackers, Mr. Paller said. If attackers figure
out how to penetrate Nike’s systems, they might be able to raid
MasterCard, he said. And vice versa. “That’s MasterCard’s fault.
They made it public in their lawsuit,” he said.
The question is whether there is anything unique – beyond best
practices widely known in the industry — in how MasterCard had
created or configured its security systems, Mr. Lewis said.
“They may have a secret sauce and now Nike has it, too.”
Nike attorneys plan to file a motion to dismiss the case by
April 27, according to court documents.
http://blogs.wsj.com/cio/2015/03/31/mastercard-says-nike-
reconfigured-network-using-its-confidential-information/
contract lawsuit against Nike Inc. and two former information
security employees, claiming ongoing IT damage at the credit
card company.
Among the new allegations, MasterCard says its former CISO,
William Dennings, “reconfigured Nike’s network to resemble that
of MasterCard using MasterCard’s confidential information,”
according to an amended complaint filed last Thursday. Mr.
Dennings and other former employees, who also joined Nike in
2013, “induced suppliers…to divert resources” from MasterCard,
according to the documents. That includes vendors that provide
incident response to “MasterCard’s emergency needs.” Additional
harms include “increased time and money to complete projects
[and] foregoing projects that no longer were capable of being
completed on a timely basis,” the amended suit claims.
MasterCard has demanded at least $5 million in damages.
In January, MasterCard sued Nike, Mr. Dennings and another
former security manager, Ryan Fusselman, charging that, with
Nike’s help, the individuals violated confidentiality and non-
solicitation agreements, as CIO Journal reported. The amended
complaint adds details about the colleagues allegedly lured away
– eight key employees in MasterCard’s 135-member information
security department.
Nike denied the original and new charges. “Nike has investigated
the claims brought by MasterCard, including those newly raised
in their amended complaint, and we believe that our employees
acted appropriately and the allegations are without merit,” a
company spokeswoman said in an emailed statement. MasterCard, in
a statement, said the “amended filing clarifies the violation
of non-solicitation and non-disclosure obligations of two former
employees.” The credit card company said Nike worked with the
employees “to solicit and hire seven more information security
employees from MasterCard in a span of just six months.”
The suit highlights a fight for scarce security talent as hacks
and breaches intensify. This case is unusual because such
disputes are rarely public or as acerbic, said Jim Lewis,
director and senior fellow at the strategic technologies program
at the Center for Strategic and International Studies.
Experienced information security professionals are lured
frequently to new jobs, Mr. Lewis said. “It’s usually more
fraternal among CISOs. They have generally cooperative
relationships because they never know who they have to work with
when they have a threat,” he said.
MasterCard’s allegation that resources at emergency response
vendors have been diverted is important, said Alan Paller,
director of research at SANS Institute, a security research
group. Companies build relationships with incident response
experts so that when a breach happens, help is quick and
effective, Mr. Paller said. “Once you lose that relationship,
you have to recreate it. It’s hard to do at the moment you’re
under attack,” he said.
In alleging that the two companies’ networks are now similar,
MasterCard appears to be trying to bolster its original claim
that the former employees used confidential MasterCard
information in their new positions at Nike, said an attorney who
specializes in data security cases who asked not to be named.
An unintended consequence may be that both companies might be
more vulnerable to hackers, Mr. Paller said. If attackers figure
out how to penetrate Nike’s systems, they might be able to raid
MasterCard, he said. And vice versa. “That’s MasterCard’s fault.
They made it public in their lawsuit,” he said.
The question is whether there is anything unique – beyond best
practices widely known in the industry — in how MasterCard had
created or configured its security systems, Mr. Lewis said.
“They may have a secret sauce and now Nike has it, too.”
Nike attorneys plan to file a motion to dismiss the case by
April 27, according to court documents.
http://blogs.wsj.com/cio/2015/03/31/mastercard-says-nike-
reconfigured-network-using-its-confidential-information/
0 new messages