Hacker Charge Leads Breach RoundupInfiltrated Networks to Obtain Sensitive Information
In this week's breach roundup, a hacker has been charged with infiltrating computer networks across the U.S. to obtain sensitive information. Also, a Utah credit union is re-issuing 20,000 Visa debit cards following incidents at several merchants.
Hacker Charged with Breaching Networks
Cameron Lacroix of New Bedford, Mass., has been charged with hacking computer networks of law enforcement agencies across the U.S. as well as at a local college.
Lacroix was charged with two counts of computer intrusion and one count of access device fraud, according to the Federal Bureau of Investigation. He has agreed to plead guilty to these charges and to serve a four-year prison sentence, the FBI reports.
Between May 2011 and May 2013, Lacroix allegedly obtained payment card data for more than 14,000 account holders through his attacks, the FBI says. In some cases, Lacroix also obtained other personally identifiable information, including the account holders' full names, addresses, dates of birth, Social Security numbers, e-mail addresses and bank account and routing numbers, as well as listings of merchandise the account holders had ordered.
In September 2012, Lacroix allegedly hacked into a computer server operated by a local police department in Massachusetts and accessed an e-mail account belonging to the chief of police, the FBI says. From August 2012 through November 2012, Lacroix is accused of repeatedly hacking into law enforcement computer servers in various cities containing sensitive information, including police reports, intelligence reports, arrest warrants and sex offender information. Lacroix is also accused of using stolen credentials to access and change information on the servers of Bristol Community College, Fall River, Mass., the FBI says.
Lacroix also allegedly hacked into celebrity Paris Hilton's mobile phone a few years back, according to news reports.
Credit Union Re-issues Cards
America First Credit Union, based in Ogden, Utah, is re-issuing 20,000 Visa debit cards following undisclosed incidents at several merchants.
"America First determined that a small number of accounts were affected by this recent undisclosed merchant compromise," the credit union says in a May 29 statement. "These members were fully reimbursed and provided with new debit cards and PINs. Law enforcement and Visa were notified and investigations are under way."
Based on its investigation, the credit union has determined that the date range of the fraudulent activity occurred from October 2013 through February 2014. "We further identified several locations where debit card and PIN data may have been captured."
The credit union says Visa's regulations prohibit it from disclosing the breach locations.
Farmer Data Exposed in Cyber-Attack
Precision Planting, a farming technology firm, says an unauthorized user accessed a server that stored employee information and customer account information, including some credit card data and tax ID numbers. Precision Planting is a subsidiary of Monsanto, a multinational chemical and agricultural biotechnology corporation.
Approximately 1,300 farmer customers of Precision Planting were impacted, says Christy Toedebusch, a Monsanto spokesperson.
"We believe this unauthorized access was not an attempt to steal customer information and are not aware of any misuse of the information impacted by the incident," she says. "However, because unauthorized access to customer information may have occurred, we notified customers whose information was present on the affected server and are offering them a complimentary credit monitoring service for one year."
Hackers Access Health Department Server
The Montana Department of Public Health and Human Services is notifying an undisclosed number of individuals about a breach after hackers gained access to an agency server.
Department officials say there's no evidence that information on the server was inappropriately used.
The server contained client information that may have included names, addresses, dates of birth and Social Security numbers, dates of service, as well as clinical information, the department statement says. Employee payroll information on the affected server included names, Social Security numbers and bank account information.
The department ordered an independent forensic investigation on May 15 when it detected suspicious activity and immediately shut down the server and contacted law enforcement.
Impacted individuals are being offered free credit monitoring and insurance. The department did not immediately respond to a request for additional information.