Stratfor settles with clients over major Anonymous hack
Hacktivists aligned with the loose-knit online collective Anonymous infiltrated the servers of Stratfor late last year, lifting over 200 GB of internal data not meant for outside eyes. As a firm specializing in security analysis, the move came as a slap in the face to Stratfor, who were hesitant to officially admit that their servers had been hijacked by hackers.
"We have reason to believe that the names of our corporate subscribers have been posted on other web sites," the company alerts clients in an email last December. "We are diligently investigating the extent to which subscriber information may have been obtained."
Anonymous eventually leaked the contents of the hack, including millions of emails that were published on the Web this year by Julian Assange’s WikiLeaks.
In a statement released in the aftermath of the hack, Project PM founder Barrett Brown wrote, “This wealth of data includes correspondence with untold thousands of contacts who have spoken to Stratfor's employees off the record over more than a decade.” As curious computer users dug into the trove of data, it was eventually revealed that among the contents of stolen intel were emails linking Stratfor analysts with law enforcement officers, exposing that the company’s employees had contact the police to share information on the Occupy Wall Street movement.
Elsewhere in the dump were the personal details pertaining to as many as 4,000 Stratfor clients, including those who had purchased a paid subscription that the company claimed came with “identity protection coverage from CSID, a leading provider of global identity protection.” Clients of the company included Bank of America, the US Defense Department and others.
In an order written by US District Judge Denis Hurley earlier this month, Stratfor will have to compensate clients who subscribed to the company’s updates prior to the Christmas Eve hack. Stratfor does not have to admit any “wrongdoing, fault, violation of law or liability of any kind,” but will have to provide one month of free service to plaintiffs — a value of $29.08 — and offer an electronic copy of its publication The Blue Book, which regularly retails for $12.99. The entire settlement is expected to set the company back around $1.75 million.