Through the GRC Lens: November

Introduction

Marriott’s massive data breach, Nissan chairman Carlos Ghosn’s arrest, and the CEO exit of Walmart’s India acquisition — here’s a round-up of November’s top GRC news headlines.

Marriott Discloses One of the Biggest Data Breaches in History

November saw yet another data breach. This time, it was the hospitality industry that fell victim to hackers — Reuters reported that a data breach at one of Marriott International’s M&A ventures, Starwood properties, may have exposed the personal details of up to 500 million guests.

The colossal breach — second only to Yahoo’s 2013 incident that saw the personal information of three billion users stolen — included sensitive details such as passport numbers and payment-card numbers in addition to addresses and travel details, reported the Journal.

In an investigative report from the Journal, security experts weighed in on the data breach  saying that Marriott could have done more to investigate a 2015 incident to find hackers that lurked in their systems.

Unsurprisingly, Marriott will face scrutiny from regulators around the world. A fine in Europe may be likely with the European Union’s tough new data protection law, GDPR.

Nissan’s Chairman Carlos Ghosn Is Arrested in Japan for Under-reporting His Earnings

In a shocking downfall for one of the automotive industry’s most powerful and admired leaders, Nissan’s chairman Carlos Ghosn was arrested in Japan on allegations of under-reporting his earnings for several years. Mr. Ghosn was widely hailed as Nissan’s savior when he rescued the company from near-bankruptcy and created the Renault-Nissan-Mitsubishi alliance, making it effectively the world’s largest carmaker. Reports suggest that Mr. Ghosn may have violated Japanese securities law by deferring compensation.

The incident has sent shockwaves rippling through an industry that is facing an economic downturn, a global trade war, and the shift to electric cars. Mr. Ghosn’s arrest also comes at a time when executive pay is being questioned by the public and regulators.

CEO of Walmart’s Big Bet in India Resigns Over Allegations of Sexual Misconduct

The chief executive of Flipkart, Walmart’s latest acquisition, stepped down in November following an internal probe into allegations of “serious personal misconduct”.

Coming along the heels of the departure of Flipkart’s other founder, Sachin Bansal, from the company, the news of Binny Bansal’s exit took many by surprise.  The Wall Street Journal reported that Walmart opened an investigation into Mr. Bansal’s conduct after a former employee came forward with claims that he had sexually assaulted her in 2016.

The incident was also apparently not disclosed by Mr. Bansal during the negotiations to sell Flipkart to Walmart. Though Walmart’s internal investigation did not find any evidence to corroborate the complaint against Mr. Bansal, it is said to have revealed poor judgement calls from the former CEO that included the hiring of two private security firms at the end of 2016, “to make this matter go away.”

November’s Takeaways

Despite scandals such as Facebook’s Cambridge Analytica, organizations seem to be left wanting in their detection and response time to data privacy issues. The Marriott incident is the latest in a spate of cyberattacks to hit businesses after the British Airways hack and goes to show that no industry is safe from bad actors looking to steal personal information.

The Carlos Ghosn incident highlights the need for thorough due diligence and compliance programs that can help ensure both adequate awareness of local laws and regulations, as well as adherence to them.

And in the light of movements such as #MeToo and Time’s Up, Walmart’s episode with Flipkart’s CEO is another reminder that for corporate leaders, the line between their private and professional lives is often blurry, and they can be held accountable for their actions in both.