PWC: No evidence of breach in Romney tax return extortion case

A group is threatening to release the presidential candidate's tax returns prior to 2010 unless it receives US$1 million

PricewaterhouseCoopers said Wednesday it has not found evidence of unauthorized data access despite a group's claim that Republican presidential candidate Mitt Romney's tax returns were stolen in a late-night office theft.

The financial consultancy said it is working with the U.S. Secret Service. Officials from the law enforcement agency did not have an immediate comment late Wednesday.

"At this time there is no evidence that our systems have been compromised or that there was any unauthorized access to the data in question," according to an email statement from Maggie O'Donovan-Bolton, PWC's tax public relations director, in New York.

An unnamed group offered the documents on Sunday on Pastebin, writing that it obtained access to network file servers at PWC's offices in Franklin, Tennessee. The group is threatening to release the key to the documents, which are encrypted, if it does not receive US$1 million by Sept. 28.

Romney had refused calls to release his tax returns before 2010, facing criticism that he uses complicated yet legal maneuvers to pay a much lower tax rate than most U.S. citizens.

The group contends it gained access on Aug. 25 to PWC's facility through someone working on the third floor. Romney's tax returns prior to 2010, stored on the second floor in suite 260, were copied during the night, the group said. The encrypted documents were delivered on flash drives to Democrat and Republican offices in Williamson County, PWC and will be sent to major news organizations.

Ken Whitehouse, senior reporter with The City News in Nashville, visited the Republican offices in downtown Franklin on Wednesday, where he was shown a manilla envelope containing the flash drive and a letter. The envelope, with crude writing and misspelled words, was hand-delivered and had no stamps, he said.

Whitehouse, who said he received a tip about the alleged hacking and is credited with breaking the story, wasn't allowed to take photos or examine the flash drive. When officials emptied the envelope on a table, "they didn't want to touch it," he said in an interview Wednesday night. "When they were done, they kind of opened the envelope and scooped [the contents] back in."

The group wants the money paid using the BitCoin digital currency, which is hard to trace, in order to prevent the decryption key from being released.

"It does not matter if small amounts or one large amount is transferred, as long as the final value of the BitCoins is equal to $1,000,000 USD at the time when it is finished," the group wrote. "The keys to unlock the data will be purged and what ever is inside the documents will remain a secret forever."

Efforts to reach the Romney campaign were not immediately successful.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place