Rapaport News reports:
India’s Gems and Jewellery Export Promotion Council (GJEPC) and the Bharat Diamond Bourse (BDB) have formed a joint committee to investigate the alteration of Gemological Institute of America (GIA) diamond grading reports, according to The Times of India (TOI).
The GIA last week published the names and suspended the accounts of 19 firms implicated in the alleged computer hacking scheme, of which 14 units were based in Surat or Mumbai, according to the TOI report.
Read more on Rapaport News.
I worked my way back through their news coverage and learned that the alteration of gem grading reports was first announced in October. Most of the 1,042 diamonds involved were submitted in India. Rapaport News reported that “Many were graded in full or in part at other GIA locations including Carlsbad and New York. Some stones were submitted directly to GIA in Carlsbad. The diamonds were submitted between November 2014 and September 2015; approximately 900 were submitted in July and August.”
Of note, when the GIA initiated an investigation with Tata Consultancy Services (TCS), the investigation reportedly indicated that
one or more former employees of TCS remotely made the unauthorized changes to alter grades before reports were printed and sent to clients. The hackers were said to be acting at the behest of parties unrelated to GIA or TCS.
So… it looks like we have another insider breach involving a contractor. It would be nice to know who these employees were working for.
h/t, @Sec_Cyber