Thread regarding Wells Fargo & Co. layoffs

It’s a breach. If something is out of compliance, you come up with a procedure, test it, then schedule it to avoid overloading the system. You don’t throw something together and demand immediate action.

The decision to reset RSA pins and require password changes is part of a team-building exercise rather than a response to a technical or security concern. It's likely that Wells Fargo executive leadership recognize the importance of teamwork and communication within the organization by introducing the initiative to encourage employees to interact and collaborate with colleagues from different departments. The RSA pin reset and password change will become a symbolic component of this initiative, designed to create a shared experience among employees. #wearetogether #wearefargo

I wonder how much “risk” was created by people not being able to login to their computers at the beginning of the week, I know of some who could not login at all yesterday.

None for people who RTO

@1mji+1qB5kEn6

I've had a "PIN" for many years, and at least one letter and one number was always required in the past and still is now. Not sure what change you're talking about.

@1mji+1qB5kEn6 Oh great- no breach, just gross operational incompetence!

I wonder how much “risk” was created by people not being able to login to their computers at the beginning of the week, I know of some who could not login at all yesterday. All because the administrators made a mistake and then had to meet some arbitrary deadline.

Again, it wasn’t related to a breach.

The policy on RSA token PINs was changed sometime ago, to use more than just one character type. But the ball was dropped on enforcement of this policy.

It was flagged and in order to meet a compliance deadline of 1/16, everyone was forced to change their PINs. The team who manages SecureID sc--wed up badly and would have started showing up on some reports for being out of compliance today had they not rushed that forced PIN change on everyone.

They had to provide evidence they were enforcing the new policy. They hadn’t been, so this caused their mad scramble.

Who is gonna be held accountable for this gross negligence?

Also received the same notice 1/12. Me and another colleague have noticed that our pulse secure has been kicking us off numerous times throughout the day in the last few weeks suddenly… I wonder if the two are connected/related.

After several failed attempts, I was able to change my pin. At least, the web site reported success. Doesn’t work, but the old one still does. Tomorrow should be interesting for anyone needing to use 2fa

If it was just a compliance issue, the requirement would be scheduled to prevent overloading the RSA servers

I got the email to change my RSA token PIN today...but I was in the office today...using my virtual desktop with no need to bring my laptop or RSA token. Seriously, no notice? Something is driving that urgency.

If it’s cuz of the workers in India, I’ll be laughing my a-s off at Charlie and the board.

It’s a breach. If it wasn’t, the urgency wouldn’t be as severe so as to permit everyone involved a smooth transition.

Only thing breached was Charlie’s pants by the Federal Reserve.

I thought I saw a notice this morning on MyIT that all WF India resources had to do a mandatory password reset also. Can anyone confirm?

If so, that's a heck of a co-winky-di-k.

Why does this stupid sht always happen on a Monday or the day after a holiday?

Who is charge of risk in this freagin circus and why do they still have a job?

Major security failure! You’ll see it in the headlines.

@zzb how many other "policies" has Wells enacted with a for day timeline from announcement to completion?

This is SOP for emergency patches, which the exploit appears to be treated as. It has nothing to do with updated policies.

There was no breach. You’ll hear about it later.

• The Folks that did it.

Xoxo

The silence from our own internal news tells me they are working hard on concocting an explanation that will not to hurt any feelings.

If no breach, then why the sense of urgency?

The POS tool to reset the PIN didn’t even work the first few times I tried it, but I guess they fixed it as I was finally able to change it just now.

Thank you, Wells Fargo. So much for efficiency.

@zzb+1qB5kEn6

The RSA password requirements haven't changed though. Also, India now has to change all their ADent pws. Something is smelling breachy.

@vll+1qB5kEn6
I’d guess there are more non-layoff post than there are layoffs.
But since you are playing role of admin please delete all non-layoffs post or contribute something useful

OP this has nothing to do with layoffs.

perhaps an email would have been better than a post on Teamworks with a due date of today

There is no breach. It’s to force compliance on updated policies. Too many old PINs aren’t compliant with the newish policy.

And it continues:)

Can’t change mine-“server error”

#wellsfargoshitshow

Saw the Teamworks notice on Friday (1/12) and did it on the spot. Short notice considering the holiday weekend. Wonder what shenanigans were afoot?🧐