Case in point, the hacking of the MTA in New York City, which was caused by lapses at a private equity (PE) owned software firm.
PE is not about building a good company, long term success, or security. It’s about pump and dump, and security is a cost that you can cut to juice your numbers before they sell out the company.
It’s all pump and dump:
Oh look, a hack of the New York subway system.
A hacking group believed to have links to the Chinese government penetrated the Metropolitan Transportation Authority’s computer systems in April, exposing vulnerabilities in a vast transportation network that carries millions of people every day, according to an M.T.A. document that outlined the breach.
These hacks are becoming commonplace, but it’s not just because everything is connected to the internet. It turns out, hackers got in through commercial software.
To gain access to the M.T.A. and other systems, the hackers took advantage of vulnerabilities in Pulse Connect Secure, a widely used connectivity tool that offers workers remote access to their employers’ networks.
Pulse Connect Secure is owned by Ivanti, a software roll-up owned by private equity firms Clearlake Capital Group, L.P. and TA Associates. I’ve written about the dangers of private equity owning cybersecurity firms – Solar Winds was such a case. (In fact, Thoma Bravo partners – which owns Solar Winds – continues to snap up cybersecurity and compliance firms such as Proofpoint.)
I’ve gone through job reviews on Glassdoor and Indeed, and Ivanti seems to be a typical PE roll-up, ruining the product quality, offshoring jobs and firing people, and just generally destroying enterprise value. Here’s a typical review.
PE takeovers are frequently followed up by the collapse of the firms (usually) after the PE pukes have gotten their vigorish.
We really need to change bankruptcy laws so that these crooks aren’t able to leave someone else holding the bag.