19 April 2010 - Two Arrested In Connection with Fraud-Enabling Site
Two men have been arrested in Eastern Europe in connection with a website that peddled services to aid identity thieves. Dmitry Naskovets and Sergey Semashko were both arrested on April 15 -- Naskovets in the Czech Republic and Semashko in Belarus. According to Naskovets's indictment, the two men allegedly launched the website, CallService.biz, in Lithuania in 2007. The site offered the services of people who spoke fluent English and German to help people with their fraud schemes - sometimes financial institutions require telephone authorizations to authorize transactions. The site allegedly helped more than 2,000 people commit more than 5,000 fraudulent transactions. The FBI has seized the website. US authorities are seeking to extradite Naskovets, and Semashko is facing charges in Belarus.
http://www.wired.com/threatlevel/2010/04/callservicebiz/
http://newyork.fbi.gov/dojpressrel/pressrel10/nyfo041910b.htm
15 April 2010 - Discarded Copiers Hold Sensitive Data on Hard Drives
A CBS news investigation found that the hard drives of four digital copy machines purchased second hand at a New Jersey warehouse contained treasure troves of personally identifiable information, including police files on domestic violence and sex crimes; copies of pay stubs and checks; and sensitive medical information such as test results, prescriptions and diagnoses. Each machine cost approximately US $300.
A survey conducted by Sharp two years ago indicated that 60 percent of Americans do not know that copiers store images on their hard drives.
http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml
9 April 2010 - Spammers Get Smarter By The Second
The exponential increase in spam causes untold headaches for IT administrators, who are required to manage the spam volumes, meticulously scan logs and chase down crucial e-mails that get trapped in spam filters.
http://newsletter.crn.com/cgi-bin4/DM/y/hBYcd0IMYEL0ElQ0HgRv0EM
9 April 2010 - China Hackers Launch Cyber Attack On India, Dalai Lama
A University of Toronto report alleged cyberspies from south China launched a sophisticated attack using social networks Twitter, Google Groups, Yahoo Mail and others to distribute malware that would steal classified documents from the Indian government and Dalai Lama.
http://newsletter.crn.com/cgi-bin4/DM/y/hBYcd0IMYEL0ElQ0HgRy0EP
9 April 2010 - The Dark Side Of The iPad: 8 Security Flaws
iPad is here, and along with all the hype around this "game-changer" comes real and potential security flaws that give malicious attackers reason to celebrate as well.
http://newsletter.crn.com/cgi-bin4/DM/y/hBYcd0IMYEL0ElQ0HgRu0EL
30 March 2010 - Barnet Council Loses Data Related To 9,000 Children
Following the theft of a laptop, CDs and USB sticks during a burglary at the home of a Barnet Council employee, the council has admitted that data related to 9,000 children has also been stolen. While the laptop was encrypted, the data were stored on the unencrypted USB sticks and CDs, which the council has said was "against council policy". The compromised data includes the names, birth dates, postcodes, ethnicity and education data on year 11 pupils attending any school in Barnet from 2006 to 2009. The council believes the risk posed to the students by the compromised data is low, although there were concerns with the identity of one child which "has been dealt with." To prevent a similar breach of policy occurring in the future, the council has disabled access to external storage devices on its systems.
http://www.infosecurity-magazine.com/view/8472/barnet-council-discovers-9000-reasons-to-encrypt-data/
29 March 2010 - Found USB Stick Contains Sensitive Data
A USB stick has been found on a pavement in Stoke-on-Trent in England containing sensitive information on children in care. The USB stick was not encrypted and contained dozens of documents belonging to the Stoke-on-Trent council, which included records of foster carers, child custody arrangements, psychological history of children and family court proceedings. Storing information on USB sticks without encrypting it is against council policy and the council has stated "We will conduct a thorough investigation to determine the circumstances in which the data was lost." In response the UK's Information Commissioner's office has said "We may serve an enforcement notice if an organisation has failed to comply with any of the data protection principles. We have statutory power to impose a financial penalty if there has been a serious breach of data protection."
http://www.scmagazineuk.com/usb-stick-containing-social-services-information-found-on-a-pavement/article/166783/
27 March 2010 - Loan Records for 3.3 Million Students Stolen
The personally identifiable information belonging to 3.3 million students was stolen from the headquarters of Minnesota-based student loan servicing company Educational Credit Management Corp. (ECMC). The stolen information was stored on a number of portable devices which were taken during a break-in at the offices of ECMC. It is not clear whether the stolen information was encrypted.
http://www.startribune.com/local/east/89307862.html
18 March 2010 - Spammers Go After Facebook Users
Spammers have been targeting Facebook members with data-stealing malware. The malicious messages appear to come from legitimate senders, but the return address is spoofed. The messages tell recipients that their Facebook passwords have been reset and that they need to download an attachment that contains the new password. Although many users may know by now that websites would not reset passwords and email the new ones, because Facebook's user base is so large, the attackers appear to be hoping that at least some will fall for the ruse.
http://www.pcworld.com/businesscenter/article/191847/facebook_users_targeted_in_massive_spam_run.html
18 March 2010 - 25 Percent of UK Schoolchildren Admit to Accessing Others' Online Accounts
One quarter of school-aged children in the UK admitted to accessing other people's Facebook or web-based email accounts. Seventy-eight percent of the students said that breaking into others' accounts was wrong and 53 percent said they believed it was illegal. The reasons most often given for the unauthorized account access were just for fun and mischief. Twenty percent of the students believed they could make money breaking into others' accounts, and five percent envisioned making a career out of cyber attacks.
http://www.theregister.co.uk/2010/03/18/uk_teenage_hacker_survey/
17 March 2010 - Report Says Internet Piracy Will Cost EU 1.2 Million Jobs by 2015
A report conducted on behalf of the International Chamber of Commerce says that illegal filesharing could cost European countries 1.2 million jobs and 240 billion euros over the next five years. According to the report, the UK alone lost 1.4 billion euros in the creative industries in 2008, all due to piracy. Trades Union Congress (TUC) General Secretary Brendan Barber said that "if there were ever proof needed to demonstrate why the Digital Economy Bill is imperative for the protection of our creative industries, this report is it." The report gathered data from European Union countries, the World Intellectual Property Organization, and Eurostat. The analysis describes a worst case scenario based on consumer web traffic increasing 24 percent annually.
http://news.bbc.co.uk/2/hi/technology/8573162.stm
11 March 2010 - HSBC Apologizes to 24,000 Customers for Data Theft
HSBC has revised the number of customer records compromised by a former employee upward to 24,000. Initially, the bank said that fewer than 10 customers were affected by the data theft. Later, that number was revised to 15,000, and now it appears that an additional 9,000 accounts were compromised. The data were stolen by a former bank employee who attempted to sell the information. The bank does not believe that the stolen information would allow unauthorized access to the accounts, but it could leave account holders open to prosecution for tax evasion. The former employee, Herve Falciani, allegedly copied the data onto a non-bank-issued computer.
http://www.v3.co.uk/computing/news/2259370/hsbc-theft-affects-thousands
10 March 2010 - Pennsylvania State CISO Loses Job After Speaking on Panel at RSA
Robert Maley, Pennsylvania's former chief information security officer (CISO), lost his job ostensibly because he spoke about a security incident with the Commonwealth's online driving test system without obtaining approval in advance. The Commonwealth requires that employees get permission to speak about official matters before making public statements about them. A spokesperson for Pennsylvania Governor Edward Rendell acknowledged that Maley no longer works for the Commonwealth, but declined to offer any details, citing Commonwealth privacy rules.
Maley spoke on a panel of state CISOs at the RSA conference about an incident in which a driving school allegedly discovered and exploited an "anomaly" in the state driver's license test scheduling system that allowed it to bump its students to the front of the queue.
http://www.scmagazineus.com/pennsylvania-ciso-out-of-a-job-following-rsa-conference-appearance/article/165524/
4 March 2010 - FBI Director Says Cyber Terrorism Threat is Growing
Speaking at the RSA conference in San Francisco last week, FBI Director Robert S. Mueller said that the threat of cyber terrorism is "real and ... rapidly expanding." Mueller also said that cyber criminals have broken into IT systems at private companies and government agencies and not only stolen information, but corrupted data as well. While Mueller did not provide any details about what data had been corrupted or in what way data had been corrupted, he did note that attackers who gain access to source code could change it to allow them to plant malware or access systems later. Mueller said that the government cannot fight cyber attacks alone; the public and private sectors need to cooperate and share information. In particular, he urged companies to notify the government when they have been attacked.
http://www.washingtonpost.com/wp-dyn/content/article/2010/03/04/AR2010030405066.html?nav=rss_nation/special
4 March 2010 - Phishers Used Facebook to Penetrate Financial Firm's Computer System
Phishers used Facebook to burrow their way into the network of a large US financial company last year. The attackers took control of one employee's Facebook account and using information culled from that individual's friends' profiles, sent what appeared to be personal messages to several other company employees about pictures taken at a company picnic. The phishers learned of the picnic through postings on the hijacked account. When one of the other employees received a message asking her to click on a link that would allow her to view the pictures, her computer became infected with keystroke logging malware.
When that employee logged in to a VPN account to access the company network, the attackers were able to capture the necessary information to gain access to that network. The intruders managed to get deeper into the network and take control of two servers before they were detected.
http://lastwatchdog.com/facebook-phishers-breached-corporate-network/
26 February 2010 - Wyndham Hotels Acknowledges Third Breach in a Year
Wyndham Hotels & Resorts has acknowledged that attackers gained access to their computer systems and stole customer data. This is the third data breach for Wyndham in the last year. The most recent breach took place sometime between October 2009 and January 2010. The stolen data included information from the magnetic stripes of customers' credit cards. Wyndham has not yet notified affected customers of the breach.
http://www.computerworld.com/s/article/9163041/Wyndham_hotels_hacked_again
19 February 2010 - FBI Investigating School District's Remote Webcam Use
The FBI is investigating allegations that the Lower Merion School District, in Ardmore, Pennsylvania, has been using built-in cameras in school-issued MacBook laptop computers to spy on students at home.
Michael and Holly Robbins, parents of a district high school student, have asked a federal judge to bar the district from turning on the webcams. They also want the judge to prevent the district from recalling the computers from students because they fear students will wipe evidence of the cameras' use from the machines. The district maintained it was using the webcam to locate missing computers, and disabled the function two days after the Robbinses filed their suit.
According to the lawsuit, the Robbinses' son "was at home using a school issued laptop that was neither reported lost nor stolen when his image was captured by Defendants without his or his parents' permission." The Robbinses' lawsuit is seeking class action status.
http://www.cnn.com/2010/CRIME/02/19/laptop.suit/index.html
18 February 2010 - Kneber Botnet Infected 75,000 Computers
The Kneber botnet has reportedly breached nearly 75,000 computers. The goal of the malware is to harvest login credentials for online financial accounts, social networking sites, and email systems. The compromised systems include those at some US government agencies and commercial enterprises, such as Merck (a pharmaceutical company) and Paramount Pictures. Organizations are advised to limit and monitor outbound traffic to stem damage from similar infections.
http://www.msnbc.msn.com/id/35456838/ns/technology_and_science-security/
15 February 2010 - Royal Dutch Shell Investigating Employee Database Leak
A database containing personal information of more than 170,000 Royal Dutch Shell employees has been copied and sent to environmentalists and human rights groups. The database was "downloaded without authorization and distributed to some external parties." Those responsible for the leak have not been identified, but could be disgruntled and/or former employees seeking a "peaceful corporate revolution." The data in the file are about six months old. Shell is investigating the breach, and is demanding that organizations that received a copy of the database destroy it or face legal action.
http://www.theregister.co.uk/2010/02/15/shell_data_loss/
13 February 2010 - Phony Anti-Virus Malware Adds Live Support
Cyber criminals behind the Live PC Care phony anti-virus scam have begun offering live support to add a layer of credibility to their operation.
The phony antivirus software screen now has an online support button that allows users to chat with an agent who will do his or her best to convince the user to pay money to solve the purported security problems.
Symantec researchers say that their interactions with the support staff suggest that there are real people manning the chats.
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222900276&cid=RSSfeed_IWK_All
5 February 2010 - FBI Wants ISP to Retain Sites Visited Data for Two Years
The FBI wants Internet service providers (ISPs) to keep records of which websites its customers visit and to retain the data for two years. The agency believes that the information could prove useful in investigations of serious crimes. Existing federal regulations require telecommunications providers to keep records of toll calls for 18 months; the information logged includes the "name, address, and telephone number of the caller, telephone number called, date, time and length of call." The FBI is not seeking the content of communications, just "non-content transactional data."
http://news.cnet.com/8301-13578_3-10448060-38.html
25 January 2010 - Study Shows US $100,000 Increase in Costs Associated With Average Breach
According to a study from the Ponemon Institute, the costs associated with data security breaches rose US $100,000 between 2008 and 2009, from US $6.65 million to US $6.75 million. The figures were formulated based on 45 reported breaches of sensitive customer data in 2009 at companies that were willing to discuss the incidents. The average cost per compromised record in 2009 was US $204, up just US $2 from 2008 figures, but over the five years that the study has been conducted, cost per record has increased $66. The factors considered in figuring the cost of a breach include cost of lost business; legal fees; disclosure expenses; consulting; and remediation. The study divides the breaches into three main causes: negligence, accounting for 40 percent of the incidents; system glitches, which account for 36 percent; and malicious attacks, which account for 24 percent.
http://www.pcworld.com/businesscenter/article/187611/data_breaches_get_costlier.html
25 January 2010 - The Top 20 website passwords you shouldn't be using
Computer users continue to choose predictable passwords that are easy to guess - a new study reveals. Find out which password is the most commonly used, and learn a way to help your users dream up passwords that are hard to crack, but still easy for them to remember.
http://www.sophos.com/blogs/gc/g/2010/01/22/top-20-website-passwords
25 January 2010 - Johnny Depp death crash video launches malware attack
Word spread like wildfire across the internet this weekend that actor Johnny Depp had been killed in a car crash. The story was bogus, but that didn't stop hackers taking advantage of the hot topic to spread a malicious Trojan. Discover more, and watch our video where we demonstrate the attack in action.
http://www.sophos.com/blogs/gc/g/2010/01/24/johnny-depp-died-car-crash
22 January 2010 - Hard Drives Stolen From BlueCross BlueShield Contained Member Information
A thief stole 57 hard drives from BlueCross BlueShield of Tennessee. The hard drives contained an estimated 500,000 member records and personal information.
http://www.scmagazineus.com/thief-steals-57-hard-drives-from-bluecross-blueshield-of-tennessee/article/162178/
22 January 2010 - New version of Zeus Targeting AIM users
A new iteration of Zeus, a notorious password-stealing trojan, is victimizing users of AOL Instant Messenger (AIM), according to researchers at anti-virus vendor Webroot.
http://www.scmagazineus.com/new-version-of-zeus-targeting-aim-users/article/162090/
22 January 2010 - RockYou hack reveals most common password: '123456'
A recent analysis of 32 million passwords, obtained in the RockYou.com hack, has revealed that nearly 300,000 individuals used '123456' as their password.
http://www.scmagazineus.com/rockyou-hack-reveals-most-common-password-123456/article/162071/
20 January 2010 - People Leaving USB Drives in Clothing Pockets, Say Cleaners
A UK survey found that 4,500 USB drives have been found in people's clothing pockets when they were taken to dry cleaners. That number is half what it was a year earlier, but this could be explained by a shift to users downloading data to smartphones and netbooks as opposed to increased vigilance about data security. USB drive security was in the news recently when several manufacturers acknowledged a vulnerability in the access control mechanism of their devices.
http://www.csoonline.com/article/519330/Taken_to_the_Cleaners
11 January 2010 - South Korean Military to Ban USB Drives
The South Korean military says it will ban the use of USB drives. The South Korean military is building a new data transfer system; once that system is complete, use of USB drives will no longer be permitted. The decision comes in the wake of attempts to infiltrate South Korean military computer systems. Last year, information about a joint South Korea/US military contingency plan was compromised due to the use of a portable storage device.
http://gcn.com/articles/2010/01/11/korea-bans-flash-drives.aspx
11 January 2010 - Facebook Group Page Has Links to Malware-Laced Sites
Miscreants intent on spreading malware appear to be preying on people's unfounded fears that Facebook plans to begin charging users for its services. A Facebook group that appears to offer a place for people to protest the rumored fees has been shown to contain malware. The group pages themselves appear to be clean, but link to suspicious sites. Snopes.com has posted a warning about the deceptive groups and associated pages.
http://www.theregister.co.uk/2010/01/11/facebook_charging_rumour_malfeasance/
http://www.snopes.com/computer/internet/fbcharge.asp
8 January 2010 - Wide-Reaching Spear Phishing Campaign Claims to be Outlook Alert
A recently detected spear phishing scheme is spreading in the guise of a Microsoft Outlook alert. This particular attack is targeting a large number of domain names in the hope of tricking more users into clicking on a link that will download a variant of the Zbot banking Trojan horse program onto their computers. The attack also personalizes the emails in an attempt to gain users' trust.
http://content.usatoday.com/communities/technologylive/post/2010/01/faked-outlook-updates-spreading-banking-trojans/1
4 January 2010 - Convicted Filesharer Seeks Lower Fine
The Boston University student who was fined US $675,000 for illegally downloading music has asked a judge to reduce the penalty or give him a retrial. Joel Tenenbaum, who was fined US $22,500 for each of 30 songs he was found guilty of downloading in violation of copyright law, says the amount is "grossly excessive."
http://news.bbc.co.uk/2/hi/technology/8441306.stm
http://abcnews.go.com/Technology/wireStory?id=9476541
1 January 2010 - French Anti-Piracy Law Now in Effect
France's new Internet anti-piracy law took effect on January 1.
Internet users who download music in violation of copyright laws will first receive email warnings. If they continue to violate the law, they will then receive written warnings. If they persist in illegal filesharing activity after both warnings, they will be required to appear before a judge who will have the authority to fine the individual or suspend the individual's Internet access.
http://news.bbc.co.uk/2/hi/europe/8436745.stm
31 December 2009 - Indiana Fugitive Found Through Online Game
The Howard County, Indiana Sheriff's Department found a fugitive from justice through his penchant for playing the online game World of Warcraft (WoW). Alfred Hightower had fled to Canada to evade a warrant issued for his arrest in 2007. After learning that Hightower is an avid WoW player, Deputy Matt Roberson sent a subpoena to Blizzard Entertainment in Canada, seeking information that would help his office locate Hightower. Because the company is Canadian and Roberson had no jurisdiction there, he did not expect anything to come of it, but several months later, he received data from the company that included Hightower's IP address, account information and history, billing address and online screen name. The information was enough to find Hightower and have him deported to the US, where he is expected to face the 2007 charges.
http://kokomoperspective.com/news/local_news/article_15a0a546-f574-11de-ab22-001cc4c03286.html
30 December 2009 - McAfee Report Predicts Top Threats and Trends for 2010
According to McAfee's 2010 Threat Predictions Report, Adobe Reader and Adobe Flash will be the top targets for malware writers in 2010. Users are not always aware that the applications need updating, and the updates themselves can prove complicated to apply. The report also predicts that the severity of attacks against social networking sites will increase and that Trojans designed to steal banking information will become more sophisticated and harder to detect.
http://www.theregister.co.uk/2009/12/29/security_predictions_2010/
28 December 2009 - Chinese Matchmaking Site Data Stolen
A former board member of a Chinese matchmaking website is accused of stealing applicant information and trying to sell it to other companies.
In all, about 16,000 people who registered with the site are affected by the alleged data theft. The unnamed individual took the data from the company before he resigned in mid-2006.
http://news.asiaone.com/News/AsiaOne%2BNews/Crime/Story/A1Story20091226-188083.html
24 December 2009 - GAO Report Points Fingers in Nuclear Site Document Leak
A report from the Government Accountability Office (GAO) faults five government agencies, two congressional offices and the National Security Council for the leak of information about hundreds of US civilian nuclear facilities. The document was published on the Government Printing Office website in June and remained visible for about one day. The document was intended for the International Atomic Energy Agency (IAEA). Some of the confusion stemmed from the document's classification with an IAEA term that is not recognized in the US. NSC did not provide specific instructions for handling the document once delivered to the White House clerk's office.
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/23/AR2009122302970_pf.html
23 December 2009 - MBNA Customer Credit Card Data on Stolen Laptop
MBNA is notifying thousands of customers that a laptop stolen from NCO Europe offices contains their credit card information. NCO Europe is a third-party contractor. Although the files do contain personal information, no PINs are believed to be included. While no fraudulent activity has been detected on the compromised accounts, MBNA is offering affected customers one year of credit monitoring service and is monitoring all compromised accounts.
http://www.scmagazineuk.com/mbna-confirms-data-loss-after-laptop-containing-personal-details-of-thousands-of-customers-was-stolen-from-vendor/article/160217/
http://www.net-security.org/secworld.php?id=8656
22 December 2009 - Former Asst. DA Draws Probation for Unauthorized Access to Information
A Louisiana man has been sentenced to two years of probation and ordered to pay a US $3,000 fine for unauthorized access to information by use of a computer. Perry Booth was employed as an Assistant District Attorney for Jefferson Parish, Louisiana when he noted the license plate of an individual involved in a near miss traffic incident. Booth asked an investigator in the DA's office to access a confidential law enforcement database to find out the person's identity. He then sent that person a threatening letter referring to the traffic incident.
http://neworleans.fbi.gov/dojpressrel/pressrel09/no122209.htm
21 December 2009 - Possible Prison Time for Sending Spyware
An Ohio man could face time in prison for sending spyware to a woman's computer. Scott Graham sent the spyware surreptitiously as an email attachment; the recipient opened the mail on two computers at her workplace: Akron Children's Hospital. The software harvested confidential medical procedure and financial information. The spyware was discovered because it was slowing down the hospital's computer system. The software is legal to use on computers owned by the person who purchases it. Graham has pleaded guilty to one felony charge of intercepting electronic communications.
http://www.coshoctontribune.com/article/20091221/NEWS01/912210309/1002/NEWS01/Cleveland-man-faces-prison-on-e-mail-spying-charge
17 December 2009 - Eleven Sentenced to Jail For Stealing Online Gaming Account Credentials
Chinese authorities have jailed 11 people for their roles in a scheme that aimed to steal online gaming login credentials. The group used Trojan horse programs to steal the information from five million profiles. They then sold game artifacts they accessed through the accounts, making a total of 30 million yuan (US $4.4 million). The eleven people received sentences of up to three years; the group was also fined a total of US $120,000. Dozens more people involved in the scheme are expected to be sentenced soon.
http://www.theregister.co.uk/2009/12/17/china_jails_game_trojan_vxers/
17 December 2009 - Conficker on 6.5 Million Machines Worldwide
According to information from Shadowserver, one in seven computers infected with Conficker are hosted on Chinese Internet service provider (ISP) Chinanet. The ISP's infected machines account for 14 percent of all known infected machines, but make up just one percent of the company's network. Other ISPs have infection rates as high as 25 percent. Conficker has infected an estimated 6.5 million computers around the world.
http://www.securityfocus.com/news/11568
16 December 2009 - Stolen Laptop Holds Military and DoD Employee Information
A laptop computer stolen from the home of a Fort Belvoir Family and Morale, Welfare and Recreation Command employee contains personally identifiable information of more than 42,000 US Army soldiers, US Department of Defense employees and their families. The theft occurred on November 28. The Command learned of the theft on December 1. Affected individuals will be notified of the security breach by letter.
http://www.scmagazineus.com/thief-steals-us-army-laptop-from-employees-home/article/159875/
16 December 2009 - House Ethics Committee Data Leak Prompts Security Policy Changes
US House of Representatives chief administrative officer Daniel P. Beard has recommended that legislative aides undergo new cyber security training and that the legislature take additional steps to protect sensitive data. The recommendations are the result of a six week review prompted by the inadvertent leak of an Ethics Committee document. The new security policies will be clear in their insistence that all House data remain on House equipment, that the data must be encrypted when they are stored on mobile devices and that they cannot be sent over any public system. Beard is also seeking to implement a requirement that the House's wireless Internet service be password protected. In addition, legislative employees who travel out of the country will have their wireless devices, including laptops, checked both before and after trips.
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/15/AR2009121505075_pf.html
15 December 2009 - Minnesota Public Radio and Reporter May Face Legal Action Over Data Access
A Texas company is threatening to take legal action against Minnesota Public Radio (MPR) and one of its reporters after they aired a story about security problems at the company that exposed sensitive personal information. Lookout Services, which allows its customers to verify the identities of potential employees, maintains that MPR and Sasha Aslanian broke the law when they accessed databases containing information for five Lookout customers, compromising the personal information of 500 people. Lookout acknowledges that its website was misconfigured in such a way as to allow unauthorized users to view customer information.
http://www.theregister.co.uk/2009/12/15/lookout_services_security_breach/
14 December 2009 - Stolen Swiss Bank Data Used in French Tax Evasion Investigation
Some of the data used by French authorities in tax evasion investigations appears to have been leaked by a former employee of HSBC Private Bank in Switzerland. Initially it was believed the man had provided French authorities with information on about 10 accounts, but that number is now believed to be much higher. The data were stolen about three years ago and a criminal complaint was filed in 2008. The man allegedly gave the information to the French government, but was not paid for it. He is reportedly under judicial protection in France.
http://www.computerworld.com/s/article/9142139/HSBC_confirms_data_theft_by_former_employee