Judge approves Stratfor lawsuit settlement over breach

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.scmagazine.com/judge-approves-stratfor-lawsuit-settlement-over-breach/article/247925/

Global intelligence firm Stratfor is expected to settle a class-action
lawsuit that was brought following last year's massive data breach,
according to reports.

The Austin, Texas-based Stratfor will offer members of the class a one
month subscription fee, which normally costs $29.08, as well as an
electronic book published by Stratfor, priced at $12.99, according to
a Reuters report, which cited a decision by U.S. District Judge Denis
Hurley, sitting in Long Island, N.Y.

To join the class and qualify for the settlement, one must have to be
a current or former Stratfor subscriber as of Dec. 24, 2011, the day
the breach was disclosed by Anonymous.

Under the settlement, which received preliminary approval from the
judge on June 14, Stratfor also must provide free credit monitoring
for class members who ask for it, and the company must continue to
invest in upgrading its security, the Reuters story said. In settling,
it didn't admit any wrongdoing.

In total, the settlement is expected to cost Stratfor $1.75 million.

A week after the attacks were publicized on Christmas Eve Day, the
Anonymous hackers dumped 75,000 names, addresses and passwords of
every customer that has ever paid Stratfor for services. Additionally,
the group posted the personal information on 860,000 people who
registered with the company.

The intruders also claim to have gotten their hands on 90,000 credit
card numbers, which were purportedly used to make about a million
dollars in donations to charities. But it appears their main goal was
to gain access to the company's emails, which they did -- 5.2 million
of them.

Authorities have made arrests in the wake of the breach.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.