The brokerage house, Benjamin F. Edwards & Co., disclosed yesterday that they had suffered a data breach due to an unknown intruder.
The firm’s namesake was the great grandson of the founder A.G. Edwards who founded a US based stock brokerage. Edwards III would go on to expand the St. Louis based company until his passing in 2009. In 2007 the firm was sold to Wachovia for $6.8 billion. Needless to say this would be a target that would be hard to pass up for the criminally inclined. Based on the disclosure it seems that the temptation was too much for someone to resist.
On May 24, 2014 Benjamin F. Edwards & Co. had their computer systems compromised by an unauthorized third party. The breach was discovered three days later on May 27, 2014. Through their investigation the company was able to ascertain that customer data was in fact exfiltrated from the company systems. While they were unable to determine if the data has been used fraudulently that is a possibility that could still occur. They did not disclose how many customers were affected in the breach.
Once the breach was discovered Benjamin F. Edwards & Co. took steps to cut off the intruder’s access. They brought in a forensics team to help get to the bottom of the breach and alert both law enforcement and industry regulators. At the time of this writing there was no indication if someone had been arrested. They admit that they have taken steps to ensure that similar attacks as this are mitigated in the future but caution that nothing is 100%. I’ll give them credit. They found the issue and reacted quickly. Called for backup and then fell on their sword. While an unfortunate breach for them they appear to have responded well under the circumstances.
On June 27 Benjamin F. Edwards & Co. started sending out breach notification letters to their customers with the details on how they can go about signing up for their credit reporting. The company is offering affected customers identity protection, fraud protection and credit monitoring for 12 months at no cost to their customers.
I'll be following this story and will update as I get more information.
UPDATE: It turns out that the issue that lead to the data breach was a CryptoWall malware infection. This additional information was included in the New Hampshire disclosure notice.
In more detail, an employee of BFE was the victim of a CryptoWall malware infection (a variant of the more common Cryptolocker malware) that encrypted files on the employee’s computer and files on certain shared drives to which the user had access. As a result of the infection, data was transferred to a suspicious IP address. The investigation of a professional forensic expert has not, however, been able to reveal the content of the data transmitted to the IP address.
H/T to Databreaches.net
