Welcome to Webroot Software, Inc. This site will work and look better in a browser that supports web standards, but it is accessible to any browser or Internet device.

Security Incidents

With the arrival of the Internet the number of external people who can potentially make their way "inside the company's walls" has multiplied exponentially. Online perpetrators are well-paid to extract information such as social security numbers, credit card numbers, bank account numbers, user names and passwords from company files.

In addition to the risk of direct losses, there are also significant impacts to staff productivity. Furthermore, companies are increasingly held accountable by government agencies and shareholders for properly securing the consumer data they retain. Failure to do so can result in legal charges, fines and a damaged reputation. Below are recent examples of online security breaches that resulted in the loss of millions of dollars.


Recent Security Incidents

TJX, the discounter that operates multiple retail stores including TJ Maxx and Marshalls had more than 45 million customer credit card and debit numbers stolen over an 18-month period in the US, Canada, and the UK beginning in 2005. This is the largest credit/debit card heist ever recorded.

Also stolen during the 18 month period were personal ID numbers, related names and addresses, drivers' license, and military and state ID numbers from 455,000 shoppers who made merchandise returns in the United States and Puerto Rico.

Although TJX has no idea if any of the credit or debit card numbers were used by thieves, police in Florida on March 8, 2007 charged six people in connection to the data theft after they were arrested for purchasing $8 million worth of merchandise with gift cards from various Wal-Mart stores throughout Florida.

The company expects multiple lawsuits related to the data theft in several U.S. states as well as at least six Canadian provinces.

A federal grand jury in Omaha, Neb., recently indicted three foreign nationals on charges of conspiracy, fraud and aggravated identity theft stemming from a high-tech, international fraud scheme designed to hijack online brokerage accounts for profit.

As part of this ongoing investigation, at least 60 customers and nine brokerage firms in the United States and elsewhere have been identified as victims, with one of the brokerage firms reporting more than $2 million in losses. Today's case marks the first time that individuals have been arrested overseas in connection with an online brokerage intrusion scheme perpetrated in the United States. In a related action, the SEC filed a civil complaint against all three defendants in federal court in Nebraska today.

"These new forms of high-tech identity and securities fraud pose serious risks to investors and brokerage firms across the globe," said Assistant Attorney General Fisher. "Today's case demonstrates our commitment to aggressively investigate and prosecute these schemes wherever they originate. I commend the investigators and prosecutors in this case for their tremendous cooperation and speedy action to track the source of this scheme halfway around the world."

According to the indictment, between July and November 2006, the defendants, operating primarily from Thailand and India, used their personal online brokerage accounts to purchase shares of several thinly-traded stocks. They then hacked into online brokerage accounts of others using stolen usernames and passwords or established new brokerage accounts using stolen identities. Using these accounts, the defendants made scores of unauthorized purchases of the same stocks to drive up the market price. Once the share prices were artificially inflated, the defendants sold their own shares for a substantial profit.

More security breach information and stories can be found at:

http://www.privacyrights.org/ar/ChronDataBreaches.htm
http://www.cybercrime.gov/

Copyright 2007 Webroot Software, Inc.