US brokerage Benjamin F. Edwards & Co has admitted that it could have suffered a data breach earlier this year after an employee at the firm became infected with the CryptoWall ransom malware, it has emerged.
The organisation notified the authorities of the incident, which happened on 27 May, about two weeks ago. An employee had files on a computer and some networks shares encrypted by the malware, which the firm believed also resulted in data being transferred to a rogue IP address.
As with other ransom Trojans such as CryptoLocker, CryptoWall's purpose is to extort money rather than steal data. It is unlikely that CryptoWall removed data other than for its own operation but the mere possibility would have triggered compliance worries.
"The investigation of a professional forensic expert has not, however, been able to reveal the content of the data transmitted to the IP address," the firm said in a disclosure note.
The firm said that in the light of the attack it had taken steps to limit the IP addresses that could be visited by staff and "supplemented its security infrastructure with additional devices and practices that might help prevent CryptoWall attacks in future."
As a precaution the firm was sending a notification letter to the 430 current and former employees and clients living in New Hampshire, it said.
What the letter does not reveal is the nature of the files accessed by the malware but it must have included personal and/or financial data given that Benjamin F. Edwards & Co has offered ID theft and fraud protection to everyone affected for the next 12 months.
Another recent victim of CryptoWall was a police department in the town of Durham, coincidentally also in the state of New Hampshire.