Latvian Attack Costs Firm $375,000

A Montana brokerage firm has been fined $375,000 for failing to protect confidential client data from a computer hacker and a group of Latvian accomplices who accessed the firm's files on Christmas Day 2007 and then tried to extort money from the firm.

The hackers retrieved records for 192,000 of the firm’s customers — although no customers are known to have been fraud victims because of the hacking.

The fine was levied against D.A. Davidson & Company of Great Falls, Mont., on April 12 by the Financial Industry Regulatory Authority, an independent regulator. FINRA found that D.A. Davidson did not properly safeguard the customer information on its computer Web server. The unprotected information included customer account numbers, Social Security numbers, names, addresses, dates of birth and other confidential data, FINRA officials said.

The computer hacker and his accomplices got access to the company’s servers and the customer information on Dec. 25 and Dec. 26, 2007 — and then sent an email to D.A. Davidson on Jan. 16, 2008, attempting to extort money from the firm. The e-mail included an attachment with the records of 20,000 customers as proof of the successful hacking, according to Wired.com.

After receiving the e-mail, D.A. Davidson officials reported the incident to law enforcement authorities. Eventually, authorities tracked down three people who participated in the scheme — Latvian nationals who were extradited to Montana from the Netherlands. They have pleaded guilty to receiving extortion proceeds, and are scheduled to be sentenced in June.

Authorities say a fourth suspect — who calls himself Robert Borko and who is still at large — is responsible for conducting the breach. Court documents indicate he told D.A. Davidson officials he would delete the stolen information for a payment of $80,000.