Articles Posted in Cyberattack

Chicago-based Stoltmann Law Offices is representing clients who’ve been the victims of cybersecurity hacks. Third Parties who store and use your personal data have an obligation to keep that information secure. But in the online universe, cyberthieves are working 24/7 to steal this valuable commodity. Stolen data is bought and sold on the internet’s black market and used by other scamsters to open credit accounts with stolen identities.

Aon Corporation, the massive global insurance company, was recently hit with a class-action lawsuit over a cyber-hacking incident, or “data breach,” that allegedly lasted more than a year.  “The 25-page lawsuit comes after Aon revealed that it had been hit by a data breach that went undetected for over a year, from late December 2020 to February 2022, according to class-action.org. Per the complaint, cybercriminals breached the company’s systems to access insurance files containing consumers’ names, addresses, dates of birth, Social Security and driver’s license numbers and, in some cases, benefit enrollment information.”

The lawsuit also claims that Aon “lacked the security necessary to prevent such a hack” or stop unauthorized parties from stealing consumers’ personally identifiable information. Per the suit, Aon has disregarded consumers’ privacy rights and exposed their information to a heightened risk of misuse.” According to the complaint, Aon’s data breach notice “deliberately underplayed the severity of the breach and misrepresented that the insurer had no evidence cybercriminals had copied, retained, or shared the data, even though Aon knew cybercriminals had accessed its files for an extended period.” The suit states “Aon has offered data breach victims only 24 months of free credit monitoring services “despite the significant [personally identifiable information] that was compromised over a two-year period.”

Chicago-based Stoltmann Law Offices is representing investors who’ve suffered losses from firms that have not protected crypto assets. In this cyber age, some of the biggest thefts don’t involve masked robbers and guns. They happen online as thieves are increasingly stealing digital currencies and Non-Fungible Tokens (NFTs), which are valuable digital images. In the first quarter of this year alone, cyberthieves have robbed some $1.3 billion in hacking events, according to Atlas VPN.

How do thieves pull off these heists? They break into so-called online “digital wallets,” or online exchanges where investors store cyber currencies like Bitcoin. Unlike bank vaults with thick steel doors, these virtual storerooms can be accessed any number of ways through the internet. Third parties act as repositories for the currencies and include:

  • The Ethereum ecosystem was hacked 18 times, resulting in a loss of almost $636 million.

Stoltmann Law Offices is a Chicago-based securities, investment fraud, and class action law firm offering representing to defrauded investors and victims of fraud nationwide on a contingency fee basis.  We have been closely monitoring allegations that IRA Financial Trust account owners had over $36 million in crypto-currency stolen from their IRAs through a hack of their system on or around February 8, 2022. IRA Financial partners with Gemini Trust Co. to offer the opportunity for its self-directed retirement account clients to invest in cryptocurrency. IRA Financial represents on its website that “Our Trust company’s focus on compliance and security is based on three principles: State regulated, Industry-leading technology, and FDIC protection of cash up to $250,000 through Capital One.” The company goes on the admit that it “must meet the capitalization, compliance, anti-money laundering, consumer protection, and cybersecurity requirements set forth by the South Dakota Division of Banking, and protect the interests of our customers first and foremost.” In specifically representing their stringent “Infrastructure Security”, IRA Financial Trust represents that:

  • We leverage the content-security policy (CSP) and HTTP Strict Transport Security (HSTS) features found in modern browsers.
  • We partner with enterprise vendors to mitigate distributed denial-of-service (DDoS) attacks.

Chicago-based Stoltmann Law Offices has represented investors who have suffered losses as a result of their brokerage or investment accounts being infiltrated by hackers.  How safe are your retirement funds from hackers? With massive hacking activity and cybersecurity in the news every day, that’s an essential question to ask your financial advisor. Cybercriminals are trying to steal money and personal financial information 24-7.

Here’s a series of questions to ask: When financial advisors suspect that your retirement accounts are being hacked, have they reported this information to you? Even more importantly, have they reported it to federal authorities such as the FBI or Treasury Department? That’s not only the right thing to do, they are legally obligated to do so.

Of course, if an advisor or third party fails to report suspicious online activity to regulators, they may be breaking the law. The U.S. Securities and Exchange Commission (SEC), for example, recently imposed a $1.5 million fine and settled charges against GWFS Equities, an affiliate of Great West Life and Annuity Insurance Company, “for violating the federal securities laws governing the filing of Suspicious Activity Reports (SARs).”

Stoltmann Law Offices has previously alerted consumers that their brokerage firms can be held responsible for theft in their brokerage, bank, or cryptocurrency accounts as a result of hacking. We have been successful in recovering these losses from brokerage firms for our clients. That is because the regulations are very clear on the supervision and compliance procedures that these firms must execute to protect their clients and their hard-earned savings.

FINRA Rule 3110 requires brokerage firms to establish and maintain a supervisory system to achieve compliance with applicable securities laws and regulations. Included in this supervisory system is the requirement to safeguard customer funds and securities and to inspect the “transmittals of funds (e.g., wires or checks, etc.) or securities from customers to third party accounts; from customer accounts to outside entities (e.g. banks, investment companies, etc.)…” (FINRA Rule 3110(c)(2)(A)).

Firms are further required to comply with the Gramm-Leach-Bliley Act Safeguards Rule (Regulation S-P) and the Identity Theft Red Flags Rule (Regulation S-ID). Pursuant to Regulation S-ID, this includes having an Identity Theft Prevention Program with procedures to identify, detect, and respond to red flags of identity theft. 17 CFR §248.201(d).

Stoltmann Law Offices, P.C has represented SIM-Swap hacking victims and continues to investigate ongoing claims related to this sordid scam impacting many people.  A story reported by CNN last week went into detail about a specific victim in San Francisco. According to the story, Robert Ross had over $2 million stolen from him when his phone was hacked through a process called “SIM-Swapping” or “SIM-Jacking.” Like so many of these victims, Mr. Ross was a crypto-currency investor and those were the funds that were stolen from him.  Mr. Ross is suing his cellular provider, AT&T, for its role in enabling the fraudsters who stolen millions from him. The outcome of that lawsuit is far from certain. However, Stoltmann Law Offices continues to monitor updates on these SIM-Swapping scams and are fully engaged in prosecuting cases on behalf of victims against their cellular providers.

These cases are not highly technical or difficult to grasp once you understand some of the basics. First, its important to understand one bit of technical jargon.  What is a “SIM” card? A “SIM Card” is a memory chip contained inside a mobile phone which carries a unique identification number specific to the owner, stores the owner’s personal data, and disables the mobile phone if removed. SIM Swapping is a means of infiltrating someone’s cellular world by taking control of the user’s SIM Card and have it activated in a phone controlled by the scammer, without stealing the phone or breaking it open to actually remove the SIM card. Here, the infiltration is virtual and once the scammer has the customer’s SIM card activated in the phone in his possession, it can then be used to gain access to emails, brokerage accounts, bank accounts, and cryptocurrency virtual wallets.

The scheme is so incendiary because it takes advantage of two-step authentication – something we’ve all been told for years to have set up to PROTECT us from hackers.  Here’s how it works: The crook convinces AT&T (or Verizon, Sprint, or T-Mobile) that he is the account owner. The crook accomplishes this typically by making up a story why the phone number needs to be transferred to a new phone. In one case the imposter simply called AT&T Customer Service, told them he dropped his phone in a lake, and that he had a new phone that needed to be activated. Instead of determining whether the phone that was allegedly at the bottom of a lake was still active and in-use, the AT&T representative accepted the unverified representations of the imposter and activated the “new” phone in the hands of the scam artist. The customer’s actual phone was deactivated and by the time it was realized, the fraudster gained access to the customer’s email and then virtual wallet. The CNN story about what happened to Mr. Ross – noticing his cell phone had no service, or “zero bars” for no apparent reason – is the first indication your SIM has been compromised.

Crypto related currencies have been called a lot of things. The next big thing. A bright, shiny object.  When top financial regulators say they aren’t comfortable that they haven’t learned about the full dangers of crypto, you’re wise to be wary too. Investment promoters often try to convince hungry investors they can turn hot topics of the day from oil and gas fracking to self-driving cars into wealth.

But often the only wealth that surfaces from their drumbeat is an abundant pile of victims.  Crypto crooks stole over $4 billion from investors this year, the blockchain consulting firm CipherTrace warned in a new study.  Even the sophisticated are vulnerable and increasingly so.

“Exchanges and users are facing a greater sophistication in the tactics, techniques and procedures (TTPs) cybercriminals are using to target the cryptocurrency space. In the case of exchange robberies, hackers have developed advanced methods to overcome even the current “best practice” security in place at the more vigilant exchanges,” CipherTrace cautioned.

CNBC
FOX Business
The Wall Street Journal
Bloomberg
CBS
FOX News Channel
USA Today
abc NEWS
DATELINE
npr
Contact Information