Barclays Breach Leads RoundupBank Confirms Customer Info Compromised
In this week's breach roundup, Barclays is investigating a breach that affected certain customers of its now-defunct financial planning business. Also, a St. Louis, Mo., man has been sentenced for his role in a cyber-attack on a Koch Industries subsidiary website.
See Also: The Global State of Online Digital Trust
Barclays Customer Data Stolen
Barclays is investigating a breach that affected certain customers of its now-defunct Barclays Financial Planning business.
The UK-based financial institution is aware of up to 2,000 client files that were compromised in the incident, according to a spokesperson.
News of the incident was first reported by the Daily Mail, which said that up to 27,000 files were leaked from the company and sold to rogue traders. That number is "unsubstantiated," the Barclays spokesperson says.
Compromised information includes names, addresses and other personal details, according to Barclays. The Daily Mail reported exposed data may include customer earnings, savings, mortgages, health issues and insurance policies.
"We will take all necessary steps to contact and advise those customers as soon as possible so that they can also ensure the safety of their personal data," Barclays says.
It's unclear how the records were stolen from Barclays. The financial planning business ceased operations in 2011, Barclays says. The data appears to be from 2008 or earlier.
Sentencing in DDoS Attack
A St. Louis, Mo., man has been sentenced for his role in a cyber-attack on a Koch Industries subsidiary's website.
Christopher Michael Sudlik was sentenced to 36 months' probation, 60 hours of community service and ordered to pay $111,000 in restitution, according to the U.S. Attorney's Office for the Eastern District of Wisconsin.
Sudlik pled guilty for his participation, along with members of the online hacker group Anonymous, in a distributed-denial-of-service attack against the Angel Soft bathroom tissue website in February and March of 2011. Angel Soft is a subsidiary of Koch Industries, the intended target of the attack, the attorney's office says.
Koch Industries is an American multinational corporation with various subsidiaries in oil, electronics and commodity trading.
Sudlik and others flooded the Angel Soft server with traffic with the intention of disrupting the website's service, federal prosecutors say. Koch Industries suffered several hundred thousand dollars in loss as a result of the continuous attacks on several of its network servers over a three-day span.
Previously, Eric Rosol of Black Creek, Wis., was sentenced to two years of federal probation and ordered to pay $183,000 in restitution for taking part in a DDoS attack on Koch Industries (see: Man Sentenced in Cyber-Attack).
Breach Affects Bank Job Applicants
Bank of the West is investigating a data breach that affected an undisclosed number of individuals who had applied for employment at the bank.
In the breach, which was discovered in December 2013, unauthorized individuals accessed servers containing data on the job applicants, according to a statement the bank provided to Information Security Media Group.
Customer account information was not compromised, the bank says. Bank of the West promptly engaged forensic experts to conduct an investigation and is cooperating with law enforcement authorities. There's no evidence to suggest personal information was taken, but affected individuals are being notified out of precaution, the bank says.