Update to Things Remembered breach

Date Reported:
11/25/08, UPDATED INFORMATION RE: "Things Remembered, Inc. employee information exposed"

Organization:
Luxottica Group

Contractor/Consultant/Branch:
Cole National Group, Inc.
Things Remembered, Inc.

Location:
Mason, Ohio

Victims:
Employees of the "Things Remembered brand" between 1998 and March, 2005

Number Affected:
59,419

Types of Data:
"name, address, Social Security Number, date of birth, and other information used for processing payroll"

Breach Description:
"During a routine check of the IT department at Cincinnati-based Luxottica Retail, it was discovered that a hacker had been inside a computer mainframe and downloaded the personal information of more than 59,000 former workers."

Reference URL:
The Inquirer
SC Magazine
InternetNews
 
Report Credit:
Richard Adhikari, InternetNews

Response:
From the online sources cited above:

More than 59,000 employees of Luxottica Group may be at risk after a hacker made off with their personal information in the latest incident of a massive corporate data breach.
[Evan] The original posting on The Breach Blog made reference to the letter sent to employees as provided by the Wisconsin Office of Privacy Protection.  There was not much information available at that time, such as the number of people affected or type of system compromised.  Rather than update the original post, we decided that there is enough new information to warrant an entirely new post.

Details downloaded include names, addresses and social security numbers.

Italy-based Luxottica Group S.p.A. owns the LensCrafters eyewear chain and is the world's largest designer, manufacturer and distributor of high-end eyewear -- including products bearing the Ray-Ban, Dolce & Gabbana, Donna Karan, Polo Ralph Lauren, Prada and Versace brands.

Luxottica's IT security discovered that its mainframe had been breached during an investigation in July and contacted local law enforcement, a spokesperson at Luxottica's U.S. headquarters in Mason, Oh. told InternetNews.com.
[Evan] Mainframe?  How can it be made possible that a "hacker" accesses a mainframe from a remote location, i.e. the Internet?  Mainframes usually house critical applications and large amounts of sensitive information.  All access should be strictly controlled, monitored and logged, shouldn't it?

According to Lt. Jeff Braley of the Hamilton Township, Ohio, police department, 59,419 Luxottica employees lost their data through the breach.

Once investigators discovered the intrusion, they traced the hacker's IP address to Molly Burns of Glendale, Ariz.
[Evan] Glendale, Arizona is in Maricopa County.  I have no idea if the Maricopa County Sheriff has any jurisdiction, but it is home to "America's Toughest Sheriff", Joe Arpaio.  Not a good place to be breaking the law (as if there were one).

Braley, who heads the Cyber Crimes Task Force in Warren County, Ohio, also confirmed media reports that Burns has a long arrest record that includes theft, forgery and drug charges.
[Evan] It doesn't sound like Ms. Burns is a high-tech, highly-trained intruder, does it?  The fact that she was (allegedly) able to bypass controls and access (and download) sensitive information doesn't reflect very well on Luxottica's information security.  What do you think a high-tech, highly-trained intruder could get (or did get)?

“Basically, we have potential victims in all 50 states. You not only see the criminal history this suspect has, but you see the ties that they have and that is much more worrisome.” (Lt. Jeff Braley)

no criminal charges have been filed

Inspector Knacker of the Arizona Yard swooped on her apartment during a heroin raid earlier this year and already has a number of her computers at the station.
[Evan] I'm pretty sure that "Inspector Knacker" is British slang (this reference came from the Inquirer article).  Those Brits speak funny.

Investigators are now waiting on the results of a forensics examination of the computers in the hope of finding some of the Luxotta [sic] files.

Burns apparently didn’t hang around to answer copper's questions. She has apparently legged it.

Three different police departments in Arizona are also looking for her so her hacking exploits will be only one of many things coppers want a word with her about.

the case may be turned over to the FBI

Luxottica has released few details about the intrusion into its mainframe, which are typically seen as being more difficult targets for hacking than other systems.

"Generally, mainframes are not accessible to the Internet, so the hacker most likely had to compromise other systems internally before getting to the mainframe," said Chris Petersen, a former electronic data processing auditor with PriceWaterhouse and Ernst & Young.
[Evan] I agree.

it is likely the hacker accessed another server first, then hopped from machine to machine until getting to the mainframe
[Evan] If this was the avenue of attack, then it is also likely that the "hacker" was able to move from server to server without detection.

"Had the organization created a few basic rules, this breach wouldn't have happened," Petersen said. "Right now, they probably have to restore backup tapes and scrounge around and figure out what happened, or they'll miss a few servers the hacker compromised that someone could exploit six months later."
[Evan] Ain't this the case in most breaches?

Meanwhile the company sent letters to all the former employees letting them know what happened.

Apparently Luxottica Retail has improved its computer security so that a hacker who is such a novice they don’t think to hide their own IP address can't break down the door.
[Evan] Very true and pretty scary.  What damage could a good attacker do?

Commentary:
As I stated earlier in this post, this is a follow-up to a breach that was already reported on the Wisconsin Office of Privacy Protection's web site, PogoWasRight and The Breach Blog.  I always find it interesting to read additional findings related to information security breaches.  The more information we read, the more insight we gain into the information security practices of others.  Hopefully the more insight we gain, the more we can apply to the areas of our own responsibility.

Past Breaches:
Unknown, this is the same breach as was posted in "Things Remembered, Inc. employee information exposed", reported October, 2008.


 