This past December, private geopolitical analyst firm Stratfor was hacked when hackers from the Anonymous group broke into their servers and posted users’ passwords and credit card information online. My credit card information was among them and I wrote a bunch of blog posts about my experience:
- Stratfor hacked by Anonymous – and my information gets stolen (Dec 25, 2011)
- Fallout from the Anonymous/Stratfor hack (Jan 6, 2012)
- Some more on the Anonymous/Stratfor hack – protecting user data (Jan 12, 2012)
- The Stratfor hack is not over yet (Feb 6, 2012)
- The Stratfor hack – the gift that keeps on taking (Feb 27, 2012)
After the hack occurred, I was really mad. Not at Stratfor, but at Anonymous hacker who broke in and leaked the data. But I confess, as time passed and nothing bad seemed to occur, it fell down a lot lower in priority at the bottom of my mind.
Yesterday, I got an email that apparently some subscribers (or maybe 1 subscriber) got together and sued Stratfor for negligence. They argued that Stratfor didn’t do enough to protect their subscribers’ data and were looking for restitution.
Stratfor settled the lawsuit out of court, and as a subscriber who was affected by the breach, I get the following:
- One month of free access to Stratfor, valued at $29.08, free-of-charge. While this sounds like a pretty good deal, I usually subscribe to Stratfor by waiting until the last minute when they have their annual specials and it costs either $199 or $249 per year. That works out to roughly 3 months free-of-charge access. So this deal isn’t that great, although if they never run their discounts again I’ll be out of luck.
- I get some money from Stratfor’s Insurance company if they ever collect anything.
- I get an eBook called “The Blue Book.” I don’t know what this book is, but I’ve read three or four of Stratfor’s books in the past and I really enjoy them.
I admit that I am easy to please. I had to change my credit card and password, but I didn’t have any fraudulent charges nor did anyone login to any of my other accounts. No harm done, so I’m happy with the book even though I don’t know what it is (and can’t find anything on it after doing a quick Internet search).
But what really sealed the deal for me was when I read in The Register that police had caught and charged a hacker with the Stratfor breach, and that was a result of the ringleader of the Anonymous group deciding to co-operate with the FBI last year:
Jeremy Hammond, 27, of Chicago, Illinois, was charged in March with access device fraud and hacking offences in relation to to the Stratfor hack. He is alleged to be the infamous Anonymous figure "Anarchaos".
Hammond’s arrest took place with the assistance of LulzSec suspect turned FBI informant, Hector Xavier ‘Sabu’ Monsegur, officials said. Court documents reveal that Monsegur offered an FBI-supplied server as a repository for 20GB of data extracted from Stratfor, an offer that was accepted.
So from my perspective, the hacker who did the deed was caught and I get a free book. Since that’s all there seems to be to the story (i.e., no other of my information was hacked), I’m happy.
But more importantly, it (probably) illustrates a shift going forward, and new opportunities for emerging businesses:
- Companies are going to start thinking about protecting data-theft insurance. Rather than take their chances with a breach and getting sued, they will buy insurance so that if (when?) it does happen, their risk is mitigated.
- This will create new business for insurance companies (if hackers hate big business, their plans have backfired because they just created more of it). They will evaluate the risk/reward ratio of providing these services and will see it as a new revenue stream.
- This will also create new business for companies doing risk assessments for large (or even small) corporations. This could be consulting companies who go in and assess risk for insurance companies in order to set premiums, or companies who are buying this insurance to figure out where they are most at risk and fix (or mitigate, or take it as an accepted risk) those vulnerabilities.
That’s my update on the Stratfor hack.