Bank of America Breach Leads Roundup

Spokesman says Systems Not Compromised, Data Secure
Bank of America Breach Leads Roundup

In this week's breach roundup, hacktivists are taking credit for a data breach impacting Bank of America - an incident the hackers claim allowed them to access employee and executive data stored through a third party. Also, a Texas resident was convicted March 1 for conspiring to hack into his former employer's computer network.

See Also: Are You APT-Ready? The Role of Breach and Attack Simulation

BofA Confirms Third-Party Breach

Hacktivists are taking credit for a data breach impacting Bank of America - an incident the hackers claim allowed them to access employee and executive data stored through a third party.

"The data was retrieved from an Israeli server in Tel Aviv," says the hacktivist group Par:AnoIA, part of the Anonymous Intelligence Agency, in a release issued Feb. 27. The group says it released 14 gigabytes of data, code and software related to BofA, Bloomberg, Thomson Reuters, TEKSystems and ClearForest.

Bank of America, in a March 5 response to BankInfoSecurity, confirms a third-party compromise is to blame for the data leak, although it does not identify the company that was breached. "This company was working on a pilot program for monitoring publicly available information to identify information security threats," states BofA spokesman Mark Pipitone. "Bank of America systems were not compromised. Our customer data is secure."

Man Convicted for Hacking Computer Network

A Texas resident was convicted March 1 for conspiring to hack into his former employer's computer network.

Michael Musacchio of Plano, Texas was found guilty of one felony count of conspiracy to make unauthorized access to a protected computer and two substantive felony counts of hacking, according to a release issued by the Federal Bureau of Investigation.

Musacchio, who was the president of Exel Transportation Services from 2002 to 2004, left in 2004 to form a competing company, Total Transportation Services. Exel is a third party logistics or intermodal transportation company that facilitates links between shippers and common carriers in the manufacturing, retail and consumer industries.

Two other employees from Exel also left to join Musacchio's new company.

Between 2004 and 2006, the three former Exel employees engaged in a scheme to hack into Exel's computer system for the purpose of conducting corporate espionage, the FBI release explained.

"Through their repeated unauthorized accesses into Exel's e-mail accounts, the co-conspirators were able to obtain Exel's confidential and proprietary business information and use it to benefit themselves and their new employer," the release said.

Musacchio is scheduled to be sentenced on June 14, 2013. The two other men entered guilty pleas and are awaiting sentencing.

Evernote Archiving Service Hacked

Online note-taking and archiving service Evernote says a breach that occurred late last week exposed some of its 50 million customers' usernames, e-mail addresses and encrypted passwords, and is requiring customers to reset their passwords. Evernote says its passwords are one-way encrypted - in technical terms, they're hashed and salted.

Chief Technology Officer Dave Engberg, in a company blog, says its security team had found no evidence that any of the content customers stored in Evernote was accessed, changed or lost. Engberg also says the company has no evidence that payment information for Evernote Premium or Evernote Business customers was accessed.

"While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure," Engberg says, referring to the passwords' resets.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.asia, you agree to our use of cookies.