An eastern European man has been extradited and will face a federal judge in Pittsburgh on charges he ran an international email phishing scheme that enabled him and others to steal banking information from U.S. companies.
Thirty-year-old Andrey Ghinkul is from Moldova.
He was arrested in August while on vacation in Cyprus and was extradited to Pennsylvania last week.
He’ll appear before a federal magistrate Friday afternoon and be returned to the Allegheny County jail in Pittsburgh. Federal prosecutors plan to ask that he remain jailed until trial.
U.S. victims of the malware Ghinkul’s ring allegedly used to infect computers lost about $10 million. The charges were filed in Pittsburgh partly because the greatest threats involved a bank and a school district in western Pennsylvania.
Pittsburgh • An Eastern European man was set to face a federal judge in Pittsburgh on Friday on charges he ran an international email phishing scheme that enabled him and others to steal banking information from U.S. companies.
Andrey Ghinkul, 30, is from Moldova. He was arrested in August while on vacation in Cyprus and was extradited to Pennsylvania last week.
Prosecutors plan to ask that he remain jailed until trial because they say he is a risk to flee prosecution.
U.S. victims of the Bugat malware that infected computers of those who opened the phishing emails lost about $10 million, the FBI said. The charges were filed in Pittsburgh partly because the greatest threats involved a bank and a school district in western Pennsylvania. Worldwide, businesses and others have lost at least $25 million, U.S. Attorney David Hickton said.
An employee of Penneco Oil Company Inc. in Delmont opened an email that attacked the computer and enabled Ghinkul and others to attempt bank transfers in the company’s name.
The hackers moved nearly $2.2 million from a Penneco account to a bank in Krasnodar, Russia, in August 2012 and moved $1.35 million from a Penneco account to a bank in Minsk, Belarus, in September 2012, authorities said. Another attempted transfer of about $76,000 to a Philadelphia bank account that same month failed, the indictment said.
Penneco’s senior vice president, D. Marc Jacobs, said the company learned they’d been hacked after an employee’s email went berserk in May 2012. The company’s computer consultant referred them to the FBI.
The company’s bank, First Commonwealth based in Indiana, Pennsylvania, is now considered the victim in the case because it restored the stolen funds. Any restitution will go to the bank.
The Sharon City School District was also a victim of the scheme. Hackers tried and failed to transfer $999,000 from one of its bank accounts to an account in Kiev, Ukraine, in December 2011, the indictment said.
Saint Joseph’s Healthcare System in New Jersey recently announced that more than 5,000 employees at some of its facilities may be at risk of identity theft following a phishing scam that potentially compromised their information.
Facilities in Paterson, Wayne and Cedar Grove locations were affected, according to St. Joseph’s Vice President of External Affairs Kenneth Morris Jr. Patient data and medical information were not affected, but employees’ names, social-security numbers and employee earnings for 2015 and 2016 were potentially accessed. However, dates of birth, home addresses, and banking information were not affected.
Morris told The Record that there was no indication that the phishing scam was an internal crime, and that it was an “extremely sophisticated” scam. He added that the scam included a named company executive using an internal email.
“There was no intrusion or breach of our internal IT system,” he explained to the news source. “None of that data was compromised.”
Affected employees will be receiving free credit monitoring. Local and federal authorities have also been notified, as well as the system’s insurance carrier, according to Morris.
“Our primary focus is really protecting our employees and their credit health,” he said. “In addition, we’re putting the proper protocols in place so that this doesn’t happen again.”
Other recent potential data breaches included improperly disposed devices and mis-mailings.
Potential data breach at Iowa pharmacy
A Des Moines, Iowa-based pharmacy is warning some customers of a potential data breach after an external hard drive was “inadvertently” disposed of on November 5, 2015.
The Medicap Pharmacy hard drive reportedly contained personal information that the organization believed to have been encrypted, according to The Des Moines Register. However, Medicap said it learned on December 3 that some of the data may not have been encrypted.
Customers who filled prescriptions at the Des Moines pharmacy between June 2014 and Nov. 3, 2015, may have had some information exposed. This data included names, addresses, dates of birth, telephone numbers, prescriber information, names of medications, costs, insurance information and Social Security numbers.
Medicap told the news source that there is no indication that the information was obtained, accessed, or misused. Even so, the pharmacy urged individuals who suspect they may have been the victim of identity theft to contact local law enforcement or the state attorney general’s office.
Borgess Rheumatology in Michigan recently reported that 700 patients may have been contacted by mistake through mailings, potentially exposing a limited amount of information to the wrong individuals.
Letters were reportedly mailed to patients on December 9, 2015, according to a WWMT report, and Borgess learned of the incident on December 10. While Social Security numbers were not included in the information mailed out, patient names and the fact that they visit Borgess were included.
Once Borgess found out what happened, it immediately began to contact patients.
“Borgess takes patient confidentiality very seriously and we deeply regret that this has occurred,” Borgess Corporate Responsibility Officer & HIPAA Privacy Officer Susan McDonald said in a statement. “We are doing everything we can to notify patients who were impacted by this mistake.”
Borgess added that it is taking “aggressive steps” to ensure this type of incident does not happen again. While it was not specified exactly how the mis-mailings took place, the organization said that it was also re-educating and training staff on necessary safeguards. Borgess policies and procedures will also be reviewed.