Bank of America Breach Leads Roundup
Spokesman says Systems Not Compromised, Data SecureIn this week's breach roundup, hacktivists are taking credit for a data breach impacting Bank of America - an incident the hackers claim allowed them to access employee and executive data stored through a third party. Also, a Texas resident was convicted March 1 for conspiring to hack into his former employer's computer network.
See Also: Are You APT-Ready? The Role of Breach and Attack Simulation
BofA Confirms Third-Party Breach
Hacktivists are taking credit for a data breach impacting Bank of America - an incident the hackers claim allowed them to access employee and executive data stored through a third party.
"The data was retrieved from an Israeli server in Tel Aviv," says the hacktivist group Par:AnoIA, part of the Anonymous Intelligence Agency, in a release issued Feb. 27. The group says it released 14 gigabytes of data, code and software related to BofA, Bloomberg, Thomson Reuters, TEKSystems and ClearForest.
Bank of America, in a March 5 response to BankInfoSecurity, confirms a third-party compromise is to blame for the data leak, although it does not identify the company that was breached. "This company was working on a pilot program for monitoring publicly available information to identify information security threats," states BofA spokesman Mark Pipitone. "Bank of America systems were not compromised. Our customer data is secure."
Man Convicted for Hacking Computer Network
A Texas resident was convicted March 1 for conspiring to hack into his former employer's computer network.
Michael Musacchio of Plano, Texas was found guilty of one felony count of conspiracy to make unauthorized access to a protected computer and two substantive felony counts of hacking, according to a release issued by the Federal Bureau of Investigation.
Musacchio, who was the president of Exel Transportation Services from 2002 to 2004, left in 2004 to form a competing company, Total Transportation Services. Exel is a third party logistics or intermodal transportation company that facilitates links between shippers and common carriers in the manufacturing, retail and consumer industries.
Two other employees from Exel also left to join Musacchio's new company.
Between 2004 and 2006, the three former Exel employees engaged in a scheme to hack into Exel's computer system for the purpose of conducting corporate espionage, the FBI release explained.
"Through their repeated unauthorized accesses into Exel's e-mail accounts, the co-conspirators were able to obtain Exel's confidential and proprietary business information and use it to benefit themselves and their new employer," the release said.
Musacchio is scheduled to be sentenced on June 14, 2013. The two other men entered guilty pleas and are awaiting sentencing.
Evernote Archiving Service Hacked
Online note-taking and archiving service Evernote says a breach that occurred late last week exposed some of its 50 million customers' usernames, e-mail addresses and encrypted passwords, and is requiring customers to reset their passwords. Evernote says its passwords are one-way encrypted - in technical terms, they're hashed and salted.
Chief Technology Officer Dave Engberg, in a company blog, says its security team had found no evidence that any of the content customers stored in Evernote was accessed, changed or lost. Engberg also says the company has no evidence that payment information for Evernote Premium or Evernote Business customers was accessed.
"While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure," Engberg says, referring to the passwords' resets.