LONDON (AP) — Global intelligence analysis firm Stratfor has relaunched its website after hackers brought down its servers and stole thousands of credit card numbers and other personal information belonging to its customers.
Chief Executive George Friedman acknowledged for the first time Wednesday that the company had not encrypted customer information and said this decision had embarrassed the company.
Loose-knit hacking collective Anonymous, which claimed responsibility for the attack over the Christmas holidays, had said it was able to get the details in part because Stratfor didn’t bother encrypting them.
“It was a truly unforgivable failure and I feel awful about it,” Friedman told The Associated Press in a telephone interview. “Sometimes in rapid growth, you make a mistake. That’s not an excuse, that’s not a justification … It’s an explanation.”
Stratfor had previously declined to say if the information was left unencrypted. Members of Anonymous have said it was targeting companies “that play fast and loose with their customers’ private and sensitive information.”
The company said Wednesday that it was moving its entire e-commerce process to a third-party system, which will eliminate the need to store credit information. It said it has contracted with CSID, a top-ranked provider of identity protection, to provide its services to all customers at Stratfor’s expense, and that it has hired Internet security firm Sec Theory to rebuild its website, email system and internal infrastructure.
Verizon Business also was hired to conduct a forensic review of the attacks, Stratfor added.
Friedman also revealed that the company was targeted more than once by hackers and had known for some time about a data breach.
He said he was first alerted to a website hack in early December — weeks before Anonymous took to Twitter to boast of bringing down the website and stealing a stash of credit card numbers, emails and other data from the company.
The hackers said then that their goal was to use the stolen credit information to donate to charities at Christmas, and some victims confirmed unauthorized transactions were made from their credit accounts.
Austin, Texas-based Stratfor is a subscription-based publisher providing political, economic and military analysis to help customers reduce risk. It charges subscribers for its reports and analysis, delivered through the web, emails and videos.
On Tuesday, Friedman said he had met with an FBI agent in early December after being informed by the company’s vice president of intelligence that customers’ credit card numbers had been stolen.
He said he had felt torn over the need to protect and personally inform customers at the time, but that the FBI was setting the rules and wanted to conduct its investigation without tipping the hackers off.
“It was very important to them that the criminals not know the extent to which we had knowledge of the damage,” Friedman explained, saying the FBI had assured him that it had informed credit card companies about compromised cards.
“We were caught between a very difficult situation where the FBI had control of the investigation and expected certain care in that investigation — and the need to protect our customers,” said Friedman. “What little we could do, we did.”
Still, he said he was under “no illusion” that the breach would be exposed.
“We knew our reputation would be damaged by the revelation, all the more so because we had not encrypted the credit card files,” Friedman said in a note to subscribers announcing the website’s relaunch.
But he told the AP that subscribers have stood by the company and subscriptions have held up in light of the attack.
“Our customers are primarily focused on the criminals,” he said. “Some customers have been critical, but the primary theme isn’t that ‘you didn’t know how to lock the door,’ but ‘locked or not, what are these people doing coming in?’”
While dismayed over stolen emails in the previous breach, Friedman said he was “stunned” to learn that the company’s servers were “effectively destroyed” in another hack on Dec. 24.
“I was absolutely unprepared for their attempt to destroy us,” Friedman said, describing how hackers took full control of the servers, overrode the systems and made recovery “just about impossible.”
“Our systems were shredded,” he explained. “The destruction of our servers and our backups… was clearly intended to take us offline and silence us.”
Stratfor said it was continuing to cooperate with an FBI investigation into the attack.
Cassandra Vinograd can be reached at: http://twitter.com/CassVinograd