[Dataloss] Hacker server found containing thousands of sensitive business, healthcare files

Henry Brown hbrown at knology.net
Tue May 6 15:59:31 UTC 2008


 From SearchSecurity.com

http://tinyurl.com/6mo3yo
Hacker server contains thousands of sensitive business, healthcare files
By Robert Westervelt, News Editor
06 May 2008 | SearchSecurity.com

Researchers at security vendor Finjan uncovered a server containing the 
sensitive email and Web-based data of thousands of people, including 
healthcare information, credit card numbers and business personnel 
documents and other sensitive data.
The server contained over 1.4GB of both email and web-based data. In 
all, the data consisted of more than 5,388 unique log files traced back 
to 5,878 distinct IP addresses.

Finjan said the server was a drop site for the AdPack exploit toolkit. 
The hacker controlling the server did not encrypt the data and failed to 
protect the server from being accessed.

[...]

Ben-Itzhak said since the initial discovery, three other servers have 
been discovered with unprotected sensitive data.

"This indicates that the person running it is interested in the data and 
the money, but probably has no clue about how to secure the server and 
how to protect the data from others to access it," he said.

Finjan notified more than 40 major international financial institutions 
located in the United States, Europe and India whose customers were 
compromised, as well as various law enforcement agencies around the world.

Ben-Itzhak said the server logs contained a mountain of healthcare 
information, including personal data, health data, treatment, 
medications, insurance details, Social Security Numbers, and healthcare 
providers' data, including physician's name. Due to the fact that the 
data was HIPAA related, Finjan informed the FBI of the discovery.

[...]

Other data contained personnel files and business files marked 
confidential. One message revealed details about an upcoming court case, 
while a few others contained business financial data such as invoice 
information. Banking data, including credit card numbers and account 
login numbers, were also discovered on the server, Ben-Itzhak said.

[...]



