The Rippleshot Data Breach Blog

Data Breach Ripples: Week of November 13

Written by Zach Walker | Nov 13, 2015 7:00:00 PM

In this week's issue, Arrests In JP Morgan, eTrade and Scottrade Hacks, TouchNote Suffers Data Breach, Hospital To Pay $90,000 Over Laptop Theft, Islamic State Leaks More Than 50,000 Twitter Accounts, and in this week's Rippleshot content, we take a look at the disparity between when a data breach is discovered, to when the justice is delivered to those responosible.

Arrests in jpmorgan, etrade and scottrade hacks

U.S. federal prosecutors in Atlanta and New York announced earlier this week that multiple indictments and arrests against five individuals in connection with hackings at JPMorgan Chase, eTrade and Scottrade. The indictments are in connection with a vast cybercrime network with the intent to artificially manipulate the price of specific publicly traded U.S. stocks. The defendants allegedly acquired a substantial stake in target companies by buying large quantities of low-priced stocks, looking to capitalize on price changes in said stocks. From approximately 2007 to 2015, these men allegedly laundered hundreds of millions of dollars from this cybercrime network.

TouchNote Postcard App Suffers Data Breach 

Touchnote, a company that lets people turn their photos into postcards, has been the latest victim of data breach. Last week, Touchnote received information that a theft involving an unknown number of its customers’ data had occurred. The personal information stolen included customer names, email addresses, mailing addresses, as well as the card recipient’s name and postal address. In a statement released by the company, Touchnote does not store full credit or debit card numbers with exception of the last 4 digits of payment card numbers.

EMC, Hospital to pay $90,000 over data theft from stolen laptop

EMC and a hospital based in Connecticut have agreed to pay the state of Connecticut $90,000 in regards to a 2012 theft of a hospital laptop containing unencrypted patient information. In 2012, Hartford Hospital began notifying patients that an employee’s laptop containing protected health information (PHI) was stolen. The laptop contained unencrypted information on over 2,000 Hartford Hospital patients, including Social Security numbers. Nearly three years later, Hartford Hospital and EMC Corporation, which was contacted by Hartford Hospital, signed an “Assurance of Voluntary Compliance” agreement, agreeing to pay the $90,000 to resolve the state’s investigation. The stolen laptop has not been found to this day and the agreement signed by both companies is not to be considered an admission of any alleged violations relating to incident.

Islamic state leaked more than 54,000 twitter account credentials  

The Islamic State group Cyber Caliphate has released the account credentials of more than 54,000 Twitter accounts on Sunday in retaliation for a drone attack that killed one of the terror group’s members. The group reportedly used the stolen information to spread the Islamic State’s propaganda and allegedly released the cell phone numbers of the heads of the Central Intelligence Agency (CIA), Federal Bureau of Investigation (FBI) and National Security Agency (NSA). It appears that the majority list of Twitter credentials was compromised of users in Syria, with alleged users based in the U.K.

Rippleshot Content: WHy The delay in Finding and prosecuting data breach culprits? 

In this week's Rippleshot content, we look for some of main reasons as to why there is such a delay between when a data breach has been detected and when those responsible for the cybercrime are brought to justice. With each data breach different than the last, that time varies depending on a few factors. We will look at the Heartland Payment System breach back in 2007, the Target data breach in 2013 and two recent data breaches that have seen indictments against alleged cybercriminals. 

Click here to read more.


SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.