DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Brokerage firm Benjamin F. Edwards fell victim to CryptoWall infection

Posted on July 4, 2014 by Dissent

Dave Lewis of Forbes recently reported a breach affecting brokerage house Benjamin F. Edwards Co.’a customers. A copy of the firm’s notification letter to clients had been posted on the California Attorney General’s website as well as the Vermont Attorney General’s website.

At the time, Lewis reported:

On May 24, 2014 Benjamin F. Edwards & Co. had their computer systems compromised by an unauthorized third party. The breach was discovered three days later on May 27, 2014. Through their investigation the company was able to ascertain that customer data was in fact exfiltrated from the company systems. While they were unable to determine if the data has been used fraudulently that is a possibility that could still occur. They did not disclose how many customers were affected in the breach.

The firm’s notification to New Hampshire, however, reveals additional details not previously disclosed:

… an employee of BFE was the victim of a CryptoWall malware infection (a variant of the more common CryptoLocker malware) that encrypted files on the employee’s computer and files on certain shared drives to which the user had access. As a result of the infection, data was transferred to a suspicious IP address. The investigation of a professional forensic expert has not, however, been able to reveal the content of the data transmitted to the IP address.

BFE’s law firm, Bryan Cave, notes that the firm does believe notification is required under New Hampshire’s statute, and that although they have no specific evidence that any resident’s information was accessed, acquired, or misused,  they were  notifying every client and former employee whom BFE knew to reside in New Hampshire – 430 individuals.

Those notified were offered one year of free identity protection, credit-monitoring, and fraud assistance services with AllClear ID.

Category: Financial SectorMalware

Post navigation

← Citing medical privacy laws, Clippers owner's lawyers seek to remove case to federal court
IN: St. Vincent Breast Center sends 63,000 letters to wrong patients →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay
  • Ireland’s Data Protection Commission publishes 2024 Annual Report
  • The headlines suggested Freedman Healthcare suffered a ransomware attack that affected patient data. The reality was quite different.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.