LONDON (AP) - Global intelligence analysis firm Stratfor has relaunched its website after hackers brought down its servers and stole thousands of credit card numbers and other personal information belonging to its customers.
Chief Executive George Friedman acknowledged for the first time Wednesday that the company had not encrypted customer information and said this decision had embarrassed the company.
Loose-knit hacking collective Anonymous, which claimed responsibility for the attack over the Christmas holidays, had said it was able to get the details in part because Stratfor didn’t bother encrypting them.
“It was a truly unforgivable failure and I feel awful about it,” Friedman told The Associated Press in a telephone interview. “Sometimes in rapid growth, you make a mistake. That’s not an excuse, that’s not a justification … It’s an explanation.”
Stratfor had previously declined to say if the information was left unencrypted. Members of Anonymous have said it was targeting companies “that play fast and loose with their customers’ private and sensitive information.”
The company said Wednesday that it was moving its entire e-commerce process to a third-party system, which will eliminate the need to store credit information. It said it has contracted with CSID, a top-ranked provider of identity protection, to provide its services to all customers at Stratfor’s expense, and that it has hired Internet security firm Sec Theory to rebuild its website, email system and internal infrastructure.
Verizon Business also was hired to conduct a forensic review of the attacks, Stratfor added.
Friedman also revealed that the company was targeted more than once by hackers and had known for some time about a data breach.
He said he was first alerted to a website hack in early December _ weeks before Anonymous took to Twitter to boast of bringing down the website and stealing a stash of credit card numbers, emails and other data from the company.
The hackers said then that their goal was to use the stolen credit information to donate to charities at Christmas, and some victims confirmed unauthorized transactions were made from their credit accounts.
Austin, Texas-based Stratfor is a subscription-based publisher providing political, economic and military analysis to help customers reduce risk. It charges subscribers for its reports and analysis, delivered through the web, emails and videos.
On Tuesday, Friedman said he had met with an FBI agent in early December after being informed by the company’s vice president of intelligence that customers’ credit card numbers had been stolen.
He said he had felt torn over the need to protect and personally inform customers at the time, but that the FBI was setting the rules and wanted to conduct its investigation without tipping the hackers off.
“It was very important to them that the criminals not know the extent to which we had knowledge of the damage,” Friedman explained, saying the FBI had assured him that it had informed credit card companies about compromised cards.
“We were caught between a very difficult situation where the FBI had control of the investigation and expected certain care in that investigation _ and the need to protect our customers,” said Friedman. “What little we could do, we did.”