Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Upchuck Hour: Stratfor's Data Breach

January 4, 2012

It doesn't get much worse. Stratfor, a private intelligence firm based in Austin, Texas, was famously hacked over the Christmas weekend. A breach is always a disaster, but Stratfor has a lot of high-profile clients, including Goldman Sachs, the Defense Department, Los Alamos National Laboratory and the United Nations. It can't have been easy for a company that sells security and geopolitical analysis to notify those clients of the breach.

Kevin Mandia, who is not involved in the Stratfor case, has investigated and cleaned up many data breaches on behalf of his company, Mandiant. He was the one who inspired the title of this post. Mr. Mandia was quoted in a New York Times article calling the first hour that he spends with a breached company "upchuck hour." The image is no doubt both apt and accurate.

Hackers claiming to be members of the hacktivist group Anonymous have published tens of thousands of Stratfor clients' credit card numbers after the successful hack, and they have also dumped names, e-mail addresses and passwords for hundreds of thousands of Stratfor users.

The hackers have claimed they were able to get to a lot of the data because it was (you get three guesses and the first two don't count) unencrypted. Stratfor has not confirmed whether this is true and did not respond to press requests for comment. One caveat worth keeping in mind: encrypting card numbers at rest only helps if the decryption keys are not sitting on the same compromised server, so the safer course is not to store full card numbers at all. Stratfor's website is still down, but comments on its Facebook page indicate that some clients are not at all happy that they did not hear of the breach from Stratfor, but from their banks, notifying them of unauthorized charges.

There is rarely a happy ending in a situation like this. A lot of prayer and hope. Undoubtedly, Stratfor has hired a great team of experts, and they'll change all the passwords, look for all the back doors, plug all the security holes and try to determine what data was compromised, yada, yada, yada. The trouble is, if you miss one significant thing, you're right back where you started. The intruders are inside again.

It was a lousy Christmas for Stratfor execs. I hope their 2012 is better – and that all their data is in fact encrypted.

Hat tip to friend and colleague Dave Ries for sending me several articles on the breach.

E-mail: Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq