Just thought I'd pass on an interesting email that I received at work today.
This past weekend the hacker group “Anonymous” threatened the release of data claiming to be associated with the Stratfor Global Intelligence firm’s recent security incident, including:
1) “75,000 names, addresses, credit card numbers and passwords for every customer that has ever paid Stratfor; and
2) 860,000 usernames, email addresses, and passwords for everyone who’s ever registered on Statfor’s website.”
The State Information Security Office has received supplemental information that the data was in fact made publicly available for download on several websites (intentionally not disclosed in this message), and that those affected include many current or past state and local government employees who registered on the Stratfor website, purchased products from Stratfor, or both. Additionally, we’ve heard that fraudulent charges have already been made with some of the compromised credit card data.
The Stratfor website (http://www.stratfor.com/) now acknowledges the security incident and informs its customers about the actions it is taking, including the offer of identity protection services.
We recommend individuals that registered with Stratfor change their passwords immediately on all systems where the same credentials were used and inform any other appropriate parties of the compromise.
We also recommend individuals that have made prior payment to Stratfor cancel any credit cards used for payment immediately and investigate their credit card statements for signs of unauthorized transactions. If other means of payment were used, it is recommended that you monitor your financial statements for unauthorized transactions. Individuals may also wish to take advantage of any credit protection services offered by Stratfor.
Questions regarding the Stratfor incident should be directed to the Stratfor contacts published on its website.