Global intelligence analysis and consulting firm Stratfor recently relaunched its website for the first time following a cyberattack it suffered at the hands of hackers associated with Anonymous on Christmas Eve.
Company officials had previously announced their intention to complete a thorough internal audit of data security systems before reinstating Stratfor's website. Such an audit apparently has been carried out, as the web page returned on January 11 – nearly two and a half weeks after the December 24 incident.
The investigation also apparently turned up somewhat shocking evidence that Stratfor had not properly secured the information that was stolen. In a telephone interview with the Associated Press, chief executive officer George Friedman said his company had committed a grave mistake in failing to encrypt customer and other data.
“It was a truly unforgivable failure and I feel awful about it,” Friedman said. “Sometimes in rapid growth, you make a mistake. That’s not an excuse, that’s not a justification … It’s an explanation.”
And though the more publicized incident occurred during the Christmas weekend, Friedman acknowledged that an earlier hack of the company's website had raised red flags with the FBI. He met with officials from the bureau in early December after it had been confirmed that credit card information had been stolen.
Friedman told the AP that the FBI instituted a gag order of sorts to keep the extent of the damage quiet.
“We were caught between a very difficult situation where the FBI had control of the investigation and expected certain care in that investigation – and the need to protect our customers,” Friedman said, according to the AP. “What little we could do, we did.”
Now, widespread changes are taking place to ensure that similar incidents can be avoided in the future. Specifically, Stratfor is shifting all of its ecommerce systems to a third-party solutions provider to eliminate its need to store payment card and other customer data, the AP reported.
The company also contracted with a new Internet security firm that completely rebuilt Stratfor's website, email system and internal IT infrastructure from the ground up.
These new revelations could certainly add to the damage already inflicted on Stratfor's reputation. Not only did the hackers steal the customer information, but they also posted the data on public websites, exposing all who have used Stratfor's services and purchased its publications.
Data Security News from SimplySecurity.com by Trend Micro