Russian Hackers Stockpile Over 1 Billion Internet Credentials: Industry Leaders Across All Sectors Likely Impacted


A Russian hacking group reportedly engaged in the largest known cyberattack by amassing over 1.2 billion unique sets of usernames and passwords and 500 million email addresses from more than 420,000 web and FTP sites. The attack was uncovered by Hold Security, an information security company based in Milwaukee, which has been investigating the attack for several months. Various news reports have confirmed the company’s findings. Among the victims are “leaders in virtually all industries across the world,” including “the auto industry, real estate, oil companies, consulting firms, car rental businesses, hotels, computer hardware and software firms and the food industry,” but Hold Security is not naming specific victims. The security firm intends to reach out to individual victims confidentially. The Russian hackers reportedly utilized a hacking technique known as a SQL injection, which exploits a security vulnerability in an application’s software to inject malicious code.

Companies that are victims of the cyberattack that collect information from California and Florida residents may have an obligation under those state data breach notification laws to notify affected individuals and government agencies. In California and Florida, personally identifiable information includes an email address or username in combination with a password, among other data elements. If consumer usernames or email addresses and passwords were stolen by the Russian hackers, companies that collect that information from California or Florida residents may have a duty to notify the consumers and report the breach to government authorities.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.