Austin, Tex.-based Stratfor is a research group that posts a daily newsletter on security issues and counts the Defense Department, Lockheed Martin and Bank of America as clients. But for being a so-called “intelligence company,” the organization did an awful job of protecting its internal data and website, which has been taken down by hackers. The company admitted today that a breach occurred yesterday and that personal client info was stolen.
“On December 24th an unauthorized party disclosed personally identifiable information and related credit card data of some of our members,” Stratfor CEO George Friedman wrote on the company’s Facebook page earlier today. “We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed.”
Anonymous let the world know it had hacked into the company on Dec. 24th by defacing Stratfor’s website and posting messages to Twitter. The hacker group said it had credit card details for around 4,000 Stratfor clients and info on a total of 90,000 credit card accounts. The @AnonymousIRC Twitter account posted a link to Pastebin for what it claimed to be a secret list of Stratfor clients and taunted the company by saying, “Not so private and secret anymore.”
Stratfor said that the only people who appear on the “private” list are those who have purchased a Stratfor newsletter in the past. “Contrary to this assertion the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications,” Friedman wrote on Facebook.
The hacker group claims to have 200 gigabytes’ worth of data and says the info was especially easy to get because the data was not encrypted. Anonymous promises more leaks are coming, and the @YourAnonNews Twitter account continues to post more documents via Pastebin as they are released.
Anonymous’ stated goal of the operation is to steal $1 million from individual accounts to give as Christmas donations to organizations like the American Red Cross, CARE and Save the Children. The company posted five receipts on Twitter of donations made so far, including $180 and $200 donations to the Red Cross.
In a point of contention, a “press release” sent out via Pastebin today says Anonymous is not responsible for the hacks. But an Anonymous Twitter account says the press release is a misdirect, saying, “Whoever heard of an ‘Emergency Anonymous PR?’ LOLWTF.”