Bitstamp Incident Report (February, 2015)
From the introduction of the report:
This is a confidential report prepared by George Frost, General Counsel of Bitstamp Limited (“Bitstamp” or the “the Company”). This report includes information gleaned from Bitstamp’s own records (including contemporaneous emails, forensic evidence and witness interviews), and derived from ongoing investigative reporting provided by the Stroz Friedberg private investigative group, as well as investigators from the Secret Service, FBI and the UK’s cyber-crime unit.
This is an active investigation. We believe we have identified at least one of the hackers and are baiting a “honey trap” to lure him into the UK in order to make an arrest. Moreover, we need to be very careful not to educate other criminal hackers about how we safeguard our assets and information. Accordingly, no part of this report may be made public or given to a third party without the prior express written permission of Bitstamp Ltd.
And yet the full report wound up on Scribd. Now how did THAT security breach happen?
The full report, now removed from Scribd at Bitstamp’s request, has already been mirrored elsewhere (and a link to the mirror tweeted), so it is likely that it has been downloaded by many people by now, including bad actors.