Artificial intelligence startup Clarifai failed to report that it had been hacked by Russian operatives while it was working on the Defence Department's Maven project, according to a lawsuit filed by former Clarifai employee and Air Force Capt. Amy Liu.
Liu said that when she asked the company to report the incident, she was fired, according to a report by Wired. Clarifai had reportedly snagged the six-month, US$ 7 million (£5.3 million) Maven contract from the Pentagon to analyse drone footage, along with Google who were working under a separate contract.
Wired obtained an incident report saying the company's code and customer data could have fallen prey to malware from Russia in November 2017.
“The Clarifai breach demonstrates an issue that has become a problem for large enterprises managing third-party risk. When a company has thousands of third parties in their digital ecosystem, there will invariably be differences in the level or risk each of those third parties introduce,” said Fred Kneip, CEO at CyberGRX. “That's why assessments that measure the maturity of security controls and procedures, which cast light on how a third party will manage a breach, are so important. Organisations need to understand not only which third parties are most likely to be breached, but which have the processes in place to handle a breach effectively.”
Recently it was reported that hackers from the Chinese Ministry of State Security who broke into the systems of a contractor working for the U.S. Naval Undersea Warfare Center stole 614GB of sensitive information, including plans for a supersonic anti-ship missile to be launched from a submarine.