Hacker break-in forces firm to issue results early

[InfoSec News <isn () c4i org>]

Forwarded from: Matt Southworth <south () shore net>

http://digitalmass.boston.com/news/2002/02/14/hackers.html

By Tim Hepher
Reuters
02/14/02

AMSTERDAM Buhrmann, the world's top office products supplier,
acknowledged a flaw in its Internet security on Thursday after a
hacker broke into its Web site and forced it to publish a 51 percent
fall in profits a day early.

Buhrmann, which makes 12 percent of its revenue over the Web,
published its results on Wednesday evening after saying it had been
contacted by a radio journalist who had found out they were accessible
in what should have been a secure Internet area.

"We thought it was secure, but apparently it wasn't," Chief Executive
Frans Koffrie told a news conference called to present the results
which, although bleak, were much as the market had expected after
being well flagged by two profit warnings.

The leak came after the Amsterdam bourse had closed on a day when
there had been a rise of 10 percent in Buhrmann's share price on
double the normal volume. The shares fell back as much as six percent
in even higher volume on Thursday.

Koffrie said the leak could not have seeped into the Amsterdam market,
because the information had not been fed into the maintenance system
that was penetrated until after the bourse closed. The company is
investigating how security was broken, he added.

He said the share rise was probably caused by a strong statement from
U.S. rival Office Depot earlier that day. Office Depot stock rose 14
percent after it reported a swing back into profit.

A Euronext spokesman said the exchange was satisfied the company had
acted promptly to make sure all investors knew about the results as
soon as it found out about the high-tech leak.

TRADING IN NEW YORK

Buhrmann's New York-listed stock was trading at that time but the
company said there had been no evidence of any unusual activity that
might have forced it to request a suspension.

Euronext can refer high volumes or price movements driven by no
apparent news to Dutch stock regulator STE for investigation, but it
declined to say whether that would happen in this case.

An industry source however said the Buhrmann share activity on
Wednesday fell inside the category of possibly suspicious trades that
would normally end up on the regulator's desk.

The STE said it was aware of unusual volumes in Buhrmann trading but
declined to say whether it would investigate, nor whether there could
be a possible link with the security breach on Buhrmann's results.

"We are aware of this trading in Buhrmann but this does not mean this
will lead to an investigation. We cannot comment on whether there will
be an investigation," an STE spokesman said.

The web security lapse capped a generally miserable year for Buhrmann,
whose Web site vaunts its modern Internet technology.

It has seen its shares plunge around 60 percent through two profit
warnings and a downturn in demand for office products as the economy
turns sour and fewer companies expand.

Shares in Buhrmann were down 6.55 percent at 12.12 euros by 1510 on
Thursday. Volume was more than three times the 30-day average with 1.1
percent of the capital changing hands.

Buhrmann, which sells products ranging from floppy disks to filing
cabinets and makes half its sales in the United States, slashed its
dividend to 0.16 euros per share from 0.60 euros.

EPS before goodwill fell to 1.02 euros from 2.10 euros in 2000,
pipping Buhrmann's own forecast of one euro per share.

And on a more optimistic note, it reiterated it expected higher net
ordinary profit in 2002 barring severe economic news.

Buhrmann said operational margins had already picked up in the fourth
quarter, partly because of cost cuts achieved by integrating
acquisitions like U.S. Office Products and Samas, a process which is
expected to be completed by mid-2002.


--
Matt Southworth                 Three Five Oh One Two Five Go!



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.