CryptoWall blamed for possible data breach at Benjamin F. Edwards & Co.

Missouri-based brokerage firm issues breach notification after being targeted by CryptoWall

binary hard drive storage disk

Warning of a potential data breach, Benjamin F. Edwards & Co. (BFE) says that CryptoWall, a variant of CryptoLocker, infected an employee's computer on May 27, and as a result, "data was transferred to a suspicious IP address."

In a letter to the New Hampshire Attorney General's office, BFE said that they believe that some information was taken, but they're not sure what the information included. As such, in order to play things safe, the company implemented their regulatory measures and started the notification process.

"During our investigation we learned some of our information was taken but do not have specific evidence that suggests information about our clients and employees was acquired by a third party or has been fraudulently used," a company spokesperson said in a statement to Salted Hash.

"Our clients and employees expect their personal information to be secure and protected, and we take our responsibility in this regard very seriously. For that reason, and because the possibility exists that client or employee information could be affected, we voluntarily disclosed the incident to our current and former clients and employees and offered them one full year of credit monitoring and fraud protection."

The potential breach at BFE happened around the time that a massive Phishing campaign was underway, which used a number of lures, including fax reports, business complaint notices, fake invoices, and payment advice notices.

In each case, the victim was asked to download a file from either Dropbox or Cubby, which in reality was malware. Like CryptoLocker, CryptoWall is Ransomware that uses a 2048-bit RSA key to encrypt the contents of the victim's computer, forever denying them access to their content unless a ransom is paid.

The malware will target all files on the system, and files that are linked to the system via attached storage or network connections. Researchers speculate that the attackers infected some 350,000 systems and earned nearly $62,000 USD from their actions.

BFE wouldn't disclose how many people would get a notification letter, but a majority – if not all – of those impacted should have gotten their notifications by now.

The company said that a majority of them were sent in June. BFE offered those impacted by the incident access to AllClear ID as the option for the aforementioned credit monitoring.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.