The brokerage house, Benjamin F. Edwards & Co., announced this week that they had suffered a data breach. May 24, 2014 they had their computer systems compromised by an unauthorized third party. The breach was discovered three days later on May 27, 2014. On June 27, they started sending out breach notification letters to their customers. The company is offering affected customers identity protection, fraud protection and credit monitoring for 12 months at no cost.
It turns out that the issue that lead to the data breach was a CryptoWall malware infection. This additional information was included in the New Hampshire disclosure notice. Here is the quote:
"In more detail, an employee of BFE was the victim of a CryptoWall malware infection (a variant of the more common Cryptolocker malware) that encrypted files on the employee’s computer and files on certain shared drives to which the user had access. As a result of the infection, data was transferred to a suspicious IP address. The investigation of a professional forensic expert has not, however, been able to reveal the content of the data transmitted to the IP address."
Do not let this happen to you. Step your users through effective Kevin Mitnick Security Awareness Training and send them our automated simulated phishing attacks at least once a month. We feel so confident this will stop users from opening infected attachments that we will pay your crypto-ransom if you get hit! Find out how affordable this is for your organization.