CryptoWall ransom malware struck US brokerage Benjamin F. Edwards & Co

Possible data breach

US brokerage Benjamin F. Edwards & Co has admitted that it could have suffered a data breach earlier this year after an employee at the firm became infected with the CryptoWall ransom malware, it has emerged.

The organisation notified the authorities of the incident, which happened on 27 May, about two weeks ago. An employee had files on a computer and some networks shares encrypted by the malware, which the firm believed also resulted in data being transferred to a rogue IP address.

As with other ransom Trojans such as CryptoLocker, CryptoWall's purpose is to extort money rather than steal data. It is unlikely that CryptoWall removed data other than for its own operation but the mere possibility would have triggered compliance worries.

"The investigation of a professional forensic expert has not, however, been able to reveal the content of the data transmitted to the IP address," the firm said in a disclosure note.

The firm said that in the light of the attack it had taken steps to limit the IP addresses that could be visited by staff and "supplemented its security infrastructure with additional devices and practices that might help prevent CryptoWall attacks in future."

As a precaution the firm was sending a notification letter to the 430 current and former employees and clients living in New Hampshire, it said.

What the letter does not reveal is the nature of the files accessed by the malware but it must have included personal and/or financial data given that Benjamin F. Edwards & Co has offered ID theft and fraud protection to everyone affected for the next 12 months.

Another recent victim of CryptoWall was a police department in the town of Durham, coincidentally also in the state of New Hampshire.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Personal TechBenjamin F. Edwards & Co

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Brand Page

Stories by John E Dunn

Latest Videos

More videos

Blog Posts