On August 26th, 1896, Khalid bin Barghash felt smug. The British forces off the coast of Zanzibar had told him they would attack at 9am the following morning unless he abdicated his position as sultan.
Having just assumed the throne a day prior, following the suspicious death of his predecessor, he was in no mood to do so. Instead, he called the bluff of the British forces, and said he didn’t believe they would attack.
At 9am the next day, the British duly attacked. In just 38 minutes, the Anglo-Zanzibar war was over and Khalid bin Barghash had just lost the shortest known war in history.
Oracle’s executives could have learned from his hubris, especially given how extraordinarily unjustified it was. Lost in the sea of news relating to the US imposition of tariffs, was Oracle’s denial and subsequent admission, of sorts, about a pair of enormous data breaches.
The first was revealed by the perpetrator on March 20th. They claimed to have accessed six million records on Oracle’s servers, including copies of encrypted passwords, security certificates and more.
Oracle appeared to deny it and so, the perpetrator sent a sample of 10,000 such records to a security company. This organisation subsequently checked with the customers affected, who confirmed the data appeared legitimate.
It gets worse. The hole the attacker used appears to have been known for years and Oracle failed to patch it.
Naturally, it gets even worse. A separate attack appears to have compromised patient data of healthcare customers of Oracle. Reuters has reported that the FBI in the US is investigating the incident.
Of course, it gets worse yet again. Jake Williams, an Infosec expert, has claimed that Oracle is using the Internet Archive’s Wayback Machine, a tool commonly used to find old versions of web pages, to remove evidence of the intrusion.
Somehow, yes, it gets even worse. Oracle, an utter behemoth in tech with a market cap of €328 billion, has been handling this with a level of PR ineptitude that would make the 1990s blush.
The shush-and-make-it-go-away approach to IT security didn’t work then and it’s downright calamitous now. Oracle’s share price has dropped by more than a sixth since news of the first breach broke, with the slide beginning before everything else in global markets started tumbling.
The one saving grace for any company that has been involved in a serious breach in recent years has been a clear rush to admit to it and address it. This transparency hasn’t fully insulated such businesses from a market response but it has lessened the impact.
Oracle has pratfalled into having a years-long snafu that it failed to address being made public. It denied it and had that denial rubbished by the very person who told them what had happened. The efforts to distract people by Oracle were ineffective, although the US president then did them a favour by making the world focus on him.
Should the allegations of deception be shown to hold any water, it will be a rare triple-threat of terrible decision-making by the tech giant.
Legal proceedings have been filed in Texas against Oracle. The class-action lawsuit, filed by Shamis & Gentile, has Michael Toickach, a resident of Florida, as the named plaintiff.
[ How many Ciara O’Briens does it take to start taking personal data seriously?Opens in new window ]
The lawsuit has been filed in Texas, where Oracle’s headquarters are. The plaintiffs allege that Oracle violated Texas state law by not informing customers there of a breach within 60 days of becoming aware of one.
All the while, Oracle is fumbling in the background hoping this will go away, despite decades of evidence to show that is the least likely outcome for the tech giant.
A breach, even two as serious as those faced by Oracle in recent weeks, shouldn’t be this big a disaster for a company. It’s the hubris and failure to communicate in anything approaching an adequate way that has made this an enormous problem for the business.
The one bit of advice any company, especially those in Irish businesses reading this, can take from this is to admit when things go wrong. Had Oracle held their hands up and shown action to address the problem, then there would have been a reaction but probably one far tamer than what has, and will, come.
For decades, the Anglo-Zanzibar war was a long forgotten footnote from the awful acts of European colonialists. The novelty of its brevity meant it resurfaced in popular history in more recent times.
Oracle’s missteps might have gone somewhat unnoticed by the wider world for now but, in time, the impact may be truly terrible for the tech titan.
