Disney's earnings leak sprung from Goofy mistake

November 24, 2010 By RYAN NAKASHIMA and JORDAN ROBERTSON , AP Business Writers

(AP) -- The Walt Disney Co.'s early release of its earnings report this month came down to a Dumbo move: The company made the information accessible through an easy-to-guess Web address.

Disney didn't plan on posting the link on its website until after the market closed. But a reporter at Bloomberg News found it with simple Internet sleuthing and reported results about a half-hour before the scheduled release, according to a person familiar with Bloomberg's practices. The person was not authorized to speak publicly and spoke on condition of anonymity.

"The error is using security by obscurity, as they say, which means hiding the data instead of really securing it," said Michael Cote, a analyst with technology research firm RedMonk. "It's like putting your valuables under the bed instead of in a safe."

That type of mistake wasn't limited to Disney.

Six days after Disney's Nov. 11 gaffe, the same set of Bloomberg headline writers in New York pulled a similar trick on company Inc. and reported the financial results more than an hour before the market closed, when earnings are typically released.

Nasdaq officials halted trading in NetApp temporarily after the stock fell 9 percent within a half-hour after the first report went out. Disney's stock fell nearly 5 percent in about four minutes. In both cases, shares have recovered since then.

The team searched for the reports by taking the Web addresses from previous quarters and changing the last few characters to correspond to the quarter about to be reported, the person said.

In Disney's case, the Web address to each quarterly report contains the current year followed by the quarter, as in "q3." The reporters simply guessed that the new release would be posted under "q4" for the fiscal fourth quarter. The address worked, even though a link to it hadn't been published on Disney's website. The technique required no password or any computer break-in.

characterized the companies' failure to protect such valuable information as careless lapses.

"It's just a tragically dumb move," Cote said.

He said large companies should have enough software in place to avoid these kinds of errors, and when they happen, it is likely because of a human mistake.

Disney and NetApp both scrambled to send out their releases well before the scheduled time to contain the damage.

Bloomberg spokesman Ty Trippet said the company's reporters "found the earnings releases publicly available on the companies' official websites" and contacted the companies in an attempt to verify the information before sending out its reports.

Securities and Exchange Commission spokesman John Nester would not say whether the agency had started an investigation.

It's unlikely the companies breached fair disclosure or insider trading rules because they did not actively distribute the information, and by virtue of a media outlet picking it up, the information then became public. Although trading firms might also have deduced the names of the hidden links, a minute-by-minute look at trading activity suggests that in both cases, big stock moves didn't take place before the Bloomberg reports went out.

Earnings leaks are serious business. This year, Disney cooperated with federal officials to arrest an assistant to a top executive who tried to sell early access to earnings results to investment companies. The woman, who was caught before she succeeded, pleaded guilty in September to conspiracy to commit securities fraud and wire fraud charges.

Disney spokesman Jonathan Friedland said the company has "yet to complete our investigation" of the most recent leak.

NetApp said "someone improperly accessed information that NetApp had not made public."

"We are changing our processes to ensure that this does not happen again," NetApp said in a statement.

When mistakes like this happen, it's likely that company employees were unaware that reporters might check for these kinds of things, said Sam Hartman, principal consultant with Painless Security, who has helped companies design Web publishing tools and strategies for access control.

He recommended that companies at least vary file names so that replacing a number at the end of a wouldn't be enough to find hidden files. Simply changing a number and hoping no one finds it, he said, "is unlikely to be viewed as an effective means of access control."

Ethically, Bloomberg's sharp-elbowed actions in a competitive field didn't sound off alarm bells, said Rick Edmonds, media business analyst at The Poynter Institute, a journalism school in Florida.

He compared it to a reporter sitting in someone's office and reading through papers left on his desk when the interview subject leaves the room. "It's not the most praiseworthy practice, but I think a lot of people have done it."

Explore further: NetApp claims victory in bidding for Data Domain

0 shares

Related Stories

EMC counters NetApp bid for Data Domain

June 1, 2009

US computer storage giant EMC Corp. offered 1.8 billion dollars on Monday for Data Domain in a bid to counter a rival offer for the data storage company from NetApp.

NetApp to buy Data Domain in $1.5 billion deal

May 21, 2009

(AP) -- Data storage company NetApp Inc. said Wednesday it agreed to buy data backup and disaster recovery systems provider Data Domain Inc. for $25 per share in cash and stock, or about $1.5 billion.

EMC wins bid contest in $2.1B deal for Data Domain

July 8, 2009

(AP) -- For the last month and a half, a fierce bidding contest has lit up a staid but increasingly critical part of the computing world. On Wednesday, EMC Corp. walked away with the prize.

EMC raises offer for Data Domain

July 6, 2009

Computer storage giant EMC raised its offer to purchase data storage firm Data Domain on Monday in a bid to top a rival offer for the company by data management firm NetApp.

Disney to buy social-gaming site Playdom

July 27, 2010

(AP) -- The Walt Disney Co. is buying online social-gaming company Playdom for $563.2 million, the latest sign the company is becoming a formidable player in the video-game industry.

Recommended for you

Samsung to disable Note 7 phones in recall effort

December 9, 2016

Samsung announced Friday it would disable its Galaxy Note 7 smartphones in the US market to force remaining owners to stop using the devices, which were recalled for safety reasons.

Swiss unveil stratospheric solar plane

December 7, 2016

Just months after two Swiss pilots completed a historic round-the-world trip in a Sun-powered plane, another Swiss adventurer on Wednesday unveiled a solar plane aimed at reaching the stratosphere.

Solar panels repay their energy 'debt': study

December 6, 2016

The climate-friendly electricity generated by solar panels in the past 40 years has all but cancelled out the polluting energy used to produce them, a study said Tuesday.

2 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

tarheelchief
not rated yet Nov 25, 2010
How can anyone believe the accountants from Hollywood?Many films which have grossed $700 million dollars never paid a royalty to writers,directors,or stars. Amazing at it may seem,the opening credits show at least six levels of thieves create a single picture. Many movies have more bureaucracies than the Federal Reserve System and all levels take their " share".
Disney shareholders cannot get dividends until the executives get their billion off the top.
Jmaximus
not rated yet Nov 26, 2010
Disney was built upon stories stolen from Grimm Fairy Tales then claimed as their own copyrighted material. Also they pressured law makers to extend copyright protection to a ridiculous amount of time to protect Mickey Mouse. No copyright should be any longer than a patent.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.