Follow-up: Settlement OK’d in DA Davidson hacker lawsuit, extortionists indicted
In January 2008, Davidson Companies, a Great Falls-based investment company, revealed that a hacker had broken into a database in 2007 and obtained the names and Social Security numbers of some 226,000 Davidson clients. A lawsuit filed against the company in April was re-filed in May of 2008. Now the lawsuit has settled and there has been progress on the law enforcement front in identifying those involved and bringing them to justice.
Claire Johnson of the Billings Gazette reports that a class action lawsuit filed against the company has now been settled. The terms of the settlement include a $1 million reserve for class members for reimbursement if they suffer losses through identity theft. The agreement also reportedly gives them until June 2011 to file a claim for losses.
Meanwhile, a criminal investigation into the hacking of Davidson’s computer files appears to have borne fruit. Investigators followed a trail that led to the arrest of three Latvians in the Netherlands. The suspects allegedly were to pick up money from the company in an extortion plot in which D.A. Davidson initially was advised to send the money to Russia.
The three Latvian suspects were extradited from the Netherlands and arrived in the United States on Oct. 22. Aleksandrs Hoholko, 29, Jevgenijs Kuzmenko, 25, and Vitalijs Drozdovs, 33, pleaded not guilty during an arraignment in Great Falls on Oct. 26.
A fourth “John Doe” defendant, identified as Robert Borko, has not appeared on charges.
Prosecutors allege that it was the fourth defendant who hacked into D.A. Davidson’s computer system and downloaded more than 300,000 client files.
He then sent the company an e-mail advising that their clients’ financial information had been compromised and attached 20,000 account records to prove his claim. In more e-mails, the hacker suggested that the company may want to keep the breach confidential, identified himself as a information technology security consultant and agreed to delete all the stolen information and identify security weaknesses.
Read more in the Billings Gazette.
Maybe my memory is shot, but I don’t recall ever hearing about the extortion aspects of this incident until now.