Should the U.S. Require Companies to Report Breaches?

There are two things we can count on in the wake of the Equifax breach, already credited with exposing a majority of American adults to the possibility of identity theft. The first is that more and potentially worse breaches are in our future. The second is that companies will need to be prodded toward smarter cybersecurity practices and faster reporting of breaches.

Details of the breach -- which Equifax said it discovered in late July -- have only recently been revealed by the credit-reporting company and by Mandiant, the cyber forensics firm it hired. However, the enormous loss of data appears to have been the result of an unpatched vulnerability, which allowed hackers to roam freely inside Equifax's computer network for more than four months. (In a report, Equifax said it "took efforts" to fix the compromised system.)

The Federal Trade Commission and the Federal Bureau of Investigation are investigating, and the first of what's expected to be a wave of lawsuits by state attorneys general has already been filed. But punishing Equifax isn't the same as minimizing the impact of similar disasters. For that, we're going to need something anathema to the tech industry and especially companies that have been hacked: transparency. read more »

Cambridge-based biotech agrees to pay more than $35m to settle charges

A Cambridge biopharmaceutical company Friday agreed to pay more than $35 million to resolve criminal and civil charges that it marketed an expensive drug as a therapy for ordinary high cholesterol even though it was intended only to treat elevated cholesterol levels stemming from a rare and life-threatening genetic disease. read more »

Unfit Uber stripped of London license

London deemed Uber unfit to run a taxi service on Friday and stripped it of its license to operate from the end of next week in a major blow to the U.S. firm and 3.5 million users in one of the world’s wealthiest cities.

The capital’s transport regulator said the Silicon Valley technology giant’s approach and conduct was not fit and proper to hold a private vehicle hire license and it would not be renewed when it expires on Sept. 30.

Uber [UBER.UL], which has 40,000 drivers working in the capital, said it would contest the decision. Regulator Transport for London (TfL) said it would let Uber operate until the appeals process is exhausted, which could take months.

“Uber’s approach and conduct demonstrate a lack of corporate responsibility in relation to a number of issues which have potential public safety and security implications,” TfL said. read more »

Kentucky psychologist gets 25 years in prison for $550 million disability fraud

A former clinical psychologist in Kentucky was sentenced to 25 years in prison on Friday for what prosecutors said was his role in a scheme to fraudulently obtain $550 million in federal disability payments for thousands of people.

Alfred Adkins, 46, was sentenced by U.S. District Judge Danny Reeves in Lexington, Kentucky, after a federal jury in June found him guilty of charges including conspiracy, mail fraud and wire fraud, the U.S. Justice Department said. read more »

Regulator Wants Financial Industry to Self-Report Wrongdoing

After years as a sleepy federal backwater, the Commodity Futures Trading Commission became one of Wall Street’s most aggressive watchdogs during the Barack Obama administration.

Now the agency — which is responsible for policing a broad swath of markets and financial machinery, from trading in commodities to digital currencies to the complex derivatives that helped torpedo the financial system in 2008 — is shifting its law enforcement strategy: It will increasingly look to banks and other financial institutions to come clean on their own about misconduct and problems in the market.

The commission’s director of enforcement, James McDonald, plans to unveil the new framework in a speech Monday night at New York University. It is premised on the idea that large financial institutions, given the right incentives, have the potential to be invaluable partners for law enforcement. read more »

SolarCity agrees to settle government fraud claims

SolarCity has agreed to pay $29.5 million to settle long-running claims it overcharged the federal government for rebates on solar systems installed between 2009 and 2013.

The settlement ends a five-year battle between federal regulators and the solar system installer, now a subsidiary of Tesla, over payments from the American Recovery and Reinvestment Act. The program was part of President Barack Obama’s stimulus package to boost the economy following the 2008 financial crisis.

“This program expired, but this settlement demonstrates that the government will still hold accountable those who sought to take improper advantage of government programs at the expense of American taxpayers,” acting Assistant Attorney General Chad Readler said in a statement announcing the settlement on Friday.  read more »