BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Drake International the latest victim of hacking, extortion scheme against companies

From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Thu, 10 Jan 2013 13:09:19 -0500
http://business.financialpost.com/2013/01/09/drake-international-confirms-database-with-user-information-hacked/

Drake International, the Canadian-based job placement firm, confirmed
Wednesday that it has been the victim of a hacking scheme by a group
seeking to extort payment in exchange for not releasing the personal
information of people who have used Drake’s services.

With offices in nine countries, Drake has become the latest victim in
an increasingly common racket where companies face extortion threats
from shadowy groups of hackers after a security breach. It’s a problem
that may be too big for many businesses to solve themselves, but one
they must address, or they face the risk of damage to their
reputations and a potential loss of business.

In the end I guess they’re bracing for the pain, but they’re doing the
right thing

Some “hacktivists,” such as the group that calls itself Anonymous,
claim a moral or social purpose for their activities, seeking to bring
corruption to light or hold governments’ feet to the fire.

Others are just in it for the money.

The hackers that contacted Drake on Monday, made their threats public
Wednesday through the social media site Twitter, linking to a website
where they outlined their demands for $50,000 to keep the stolen
information private. They claim to have data on users from Canada,
Australia, the United Kingdom and New Zealand.

Tony Scala, vice-president of marketing and client service at Drake,
confirmed that the hackers had obtained names, email addresses, phone
numbers and even passwords. He said the company would be contacting
its affected users by email, suggesting that they change their
passwords. Drake has been in touch with police and has no plans to
negotiate with the hackers, he said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.
Previous By Date Next
Previous By Thread Next

Current thread: