Hacker Sentence Leads Breach RoundupLulzSec Member Sentenced to One Year for Role in SQL Attack
In this week's breach roundup, a second member of the LulzSec hacktivist group has been sentenced to one year and one day in federal prison for his involvement in the Sony Pictures Entertainment computer breach. Also, residents of the District of West Vancouver are being warned that their information may be compromised following unauthorized access that may have occurred through one of the district's web services.
See Also: The Global State of Online Digital Trust
LulzSec Member Sentenced over Sony Breach
A second member of the LulzSec hacktivist group has been sentenced to one year and one day in federal prison for his involvement in the Sony Pictures Entertainment computer breach.
The U.S. Attorney's Office for the Central District of California announced the sentencing in a statement.
Raynaldo Rivera, known by the online moniker "neuron," of Chandler, Ariz., pleaded guilty in October 2012 to conspiring to cause damage to a protected computer after participating in the attack on Sony Pictures in 2011 [see: Second Arrest in Sony Hack].
The SQL injection attack against Sony Pictures' computer systems cost the company more than $600,000 in damages. LulzSec members were able to obtain confidential information, which they distributed on the Internet, according to the statement. Compromised information included names, addresses, phone numbers and e-mail addresses for tens of thousands of Sony customers.
Additionally, Rivera is ordered to serve 13 months of home detention, perform 1,000 hours of community service and pay $605,663 in restitution, the attorney's office says.
Rivera's sentencing is the second against LulzSec. Cody Andrew Kretsinger, a LulzSec member who used the online moniker "recursion," was sentenced in April to one year and one day in federal prison, the attorney's office says.
Residents Warned of Unauthorized Access
Residents of the District of West Vancouver are being warned that their information may be compromised following unauthorized access that may have occurred through one of the district's web services.
While details are scarce, the district discovered the breach on July 21 and immediately shut down the online service to protect residents' personal information, according to a release posted to the district's website. A review showed no evidence that personal information had been compromised, the district said. A new server was brought online on July 22.
Notices are being sent to affected customers by e-mail where available and by mail, the release said.
It's unclear how many residents may be compromised. A request for comment wasn't immediately answered.
Potentially compromised data includes personal information on residents who use pre-authorized payment plans for their tax and utility bills, the news release said. Other impacted customers include those who use MyDistrict, an online service for tax, utility, bylaw notices, dog and business license information. The service doesn't collect credit or debit card information, social insurance numbers or driver's license information.
Lost Laptop Sparks HIPAA Breach
Retinal Consultants Medical Group is notifying patients of a breach after it discovered that an unencrypted laptop was stolen from its offices.
Located in Sacramento, Calif., Retinal Consultants specializes in diagnosing and treating retina and vitreous diseases.
The stolen laptop may have contained names, dates of birth, gender, race and optical coherence tomography images, according to a statement issued by the organization.
Social Security numbers, driver's license numbers and addresses were not on the laptop.
It's unclear how many were affected, and a request for comment was not immediately answered.
The theft has been reported to local police. As a result of the incident, the organization is increasing the physical security of imaging and other equipment stored at its offices; increasing the interior and exterior security of its offices; and requiring additional information when confirming a patient's identity on the phone.
"We are also in the process of determining how we can further secure laptop data and strengthening other aspects of our internal HIPAA security program," the statement says.