Hacker Sentence Leads Breach Roundup

LulzSec Member Sentenced to One Year for Role in SQL Attack
Hacker Sentence Leads Breach Roundup

In this week's breach roundup, a second member of the LulzSec hacktivist group has been sentenced to one year and one day in federal prison for his involvement in the Sony Pictures Entertainment computer breach. Also, residents of the District of West Vancouver are being warned that their information may be compromised following unauthorized access that may have occurred through one of the district's web services.

See Also: Webinar | The Future of Adaptive Authentication in Financial Services

LulzSec Member Sentenced over Sony Breach

A second member of the LulzSec hacktivist group has been sentenced to one year and one day in federal prison for his involvement in the Sony Pictures Entertainment computer breach.

The U.S. Attorney's Office for the Central District of California announced the sentencing in a statement.

Raynaldo Rivera, known by the online moniker "neuron," of Chandler, Ariz., pleaded guilty in October 2012 to conspiring to cause damage to a protected computer after participating in the attack on Sony Pictures in 2011 [see: Second Arrest in Sony Hack].

The SQL injection attack against Sony Pictures' computer systems cost the company more than $600,000 in damages. LulzSec members were able to obtain confidential information, which they distributed on the Internet, according to the statement. Compromised information included names, addresses, phone numbers and e-mail addresses for tens of thousands of Sony customers.

Additionally, Rivera is ordered to serve 13 months of home detention, perform 1,000 hours of community service and pay $605,663 in restitution, the attorney's office says.

Rivera's sentencing is the second against LulzSec. Cody Andrew Kretsinger, a LulzSec member who used the online moniker "recursion," was sentenced in April to one year and one day in federal prison, the attorney's office says.

Residents Warned of Unauthorized Access

Residents of the District of West Vancouver are being warned that their information may be compromised following unauthorized access that may have occurred through one of the district's web services.

While details are scarce, the district discovered the breach on July 21 and immediately shut down the online service to protect residents' personal information, according to a release posted to the district's website. A review showed no evidence that personal information had been compromised, the district said. A new server was brought online on July 22.

Notices are being sent to affected customers by e-mail where available and by mail, the release said.

It's unclear how many residents may be compromised. A request for comment wasn't immediately answered.

Potentially compromised data includes personal information on residents who use pre-authorized payment plans for their tax and utility bills, the news release said. Other impacted customers include those who use MyDistrict, an online service for tax, utility, bylaw notices, dog and business license information. The service doesn't collect credit or debit card information, social insurance numbers or driver's license information.

Lost Laptop Sparks HIPAA Breach

Retinal Consultants Medical Group is notifying patients of a breach after it discovered that an unencrypted laptop was stolen from its offices.

Located in Sacramento, Calif., Retinal Consultants specializes in diagnosing and treating retina and vitreous diseases.

The stolen laptop may have contained names, dates of birth, gender, race and optical coherence tomography images, according to a statement issued by the organization.

Social Security numbers, driver's license numbers and addresses were not on the laptop.

It's unclear how many were affected, and a request for comment was not immediately answered.

The theft has been reported to local police. As a result of the incident, the organization is increasing the physical security of imaging and other equipment stored at its offices; increasing the interior and exterior security of its offices; and requiring additional information when confirming a patient's identity on the phone.

"We are also in the process of determining how we can further secure laptop data and strengthening other aspects of our internal HIPAA security program," the statement says.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.