Missouri-based brokerage firm issues breach notification after being targeted by CryptoWall Warning of a potential data breach, Benjamin F. Edwards & Co. (BFE) says that CryptoWall, a variant of CryptoLocker, infected an employee’s computer on May 27, and as a result, “data was transferred to a suspicious IP address.”In a letter to the New Hampshire Attorney General’s office, BFE said that they believe that some information was taken, but they’re not sure what the information included. As such, in order to play things safe, the company implemented their regulatory measures and started the notification process.“During our investigation we learned some of our information was taken but do not have specific evidence that suggests information about our clients and employees was acquired by a third party or has been fraudulently used,” a company spokesperson said in a statement to Salted Hash.“Our clients and employees expect their personal information to be secure and protected, and we take our responsibility in this regard very seriously. For that reason, and because the possibility exists that client or employee information could be affected, we voluntarily disclosed the incident to our current and former clients and employees and offered them one full year of credit monitoring and fraud protection.” The potential breach at BFE happened around the time that a massive Phishing campaign was underway, which used a number of lures, including fax reports, business complaint notices, fake invoices, and payment advice notices.In each case, the victim was asked to download a file from either Dropbox or Cubby, which in reality was malware. Like CryptoLocker, CryptoWall is Ransomware that uses a 2048-bit RSA key to encrypt the contents of the victim’s computer, forever denying them access to their content unless a ransom is paid. The malware will target all files on the system, and files that are linked to the system via attached storage or network connections. Researchers speculate that the attackers infected some 350,000 systems and earned nearly $62,000 USD from their actions.BFE wouldn’t disclose how many people would get a notification letter, but a majority – if not all – of those impacted should have gotten their notifications by now.The company said that a majority of them were sent in June. BFE offered those impacted by the incident access to AllClear ID as the option for the aforementioned credit monitoring. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe