Tag Archives: Cyber Attack

North Korea hackers stole South Korea-U.S. military plans to wipe out North Korea leadership: lawmaker

The North Korea flag flutters next to concertina wire at the North Korean embassy in Kuala Lumpur, Malaysia March 9, 2017. REUTERS/Edgar Su

By Christine Kim

SEOUL (Reuters) – North Korean hackers stole a large amount of classified military documents, including South Korea-U.S. wartime operational plans to wipe out the North Korean leadership, a South Korean ruling party lawmaker said on Wednesday.

Democratic Party representative Rhee Cheol-hee said 235 gigabytes of military documents were taken from the Defense Integrated Data Center in September last year, citing information from unidentified South Korean defense officials.

An investigative team inside the defense ministry announced in May the hack had been carried out by North Korea, but did not disclose what kind of information had been taken.

Pyongyang has denied responsibility in its state media for the cyber attacks, criticizing Seoul for “fabricating” claims about online attacks.

Separately on Wednesday, cyber security firm FireEye said in a statement North Korea-affiliated agents were detected attempting to phish U.S. electric companies through emails sent in mid-September, although those attempts did not lead to a disruption in the power supply.

It did not specify when the attempts had been detected or clarify which companies had been affected.

Rhee, currently a member of the National Assembly’s committee for national defense, said about 80 percent of the hacked data had not yet been identified, but that none of the information was expected to have compromised the South Korean military because it was not top classified intelligence.

Some of the hacked data addressed how to identify movements of members of the North Korean leadership, how to seal off their hiding locations, and attack from the air before eliminating them.

Rhee said the North could not have taken the entire operation plans from the database because they had not been uploaded in full.

These plans had likely not been classified properly but defense ministry officials told Rhee the hacked documents were not of top importance, he said.

“Whatever the North Koreans took, we just need to fix the plans,” Rhee later told Reuters by telephone. “I disclosed this because the military hasn’t been doing that fast enough.”

SIMPLE MISTAKE

Rhee said on radio the hack had been made possible by “a simple mistake” after a connector jack linking the military’s intranet to the internet had not been eliminated after maintenance work had been done on the system.

The South Korean Defense Ministry’s official stance is that they cannot confirm anything the lawmaker said about the hacked content due to the sensitivity of the matter.

In Washington, the Pentagon said it was aware of the media reports but would not comment on the potential breach.

“Although I will not comment on intelligence matters or specific incidents related to cyber intrusion, I can assure you that we are confident in the security of our operations plans and our ability to deal with any threat from North Korea,” Pentagon spokesman Colonel Robert Manning told reporters.

FireEye said the phishing attack on the electric companies detected was “early-stage reconnaissance” and did not indicate North Korea was about to stage an “imminent, disruptive” cyber attack. The North has been suspected of carrying out similar cyber attacks on South Korean electric utilities, in addition to other government and financial institutions.

Those attempts were likely aimed at creating a means of “deterring potential war or sowing disorder during a time of armed conflict”, FireEye said.

“North Korea linked hackers are among the most prolific nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide,” its statement said.

“Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback,” it said.

(Reporting by Christine Kim in SEOUL and Ishita Chigilli Palli in Bengaluru; Additional reporting by Idrees Ali in Washington; Editing by James Dalgleish, Michael Perry and Paul Tait)

Israeli spies found Russians using Kaspersky software for hacks: media

The logo of the anti-virus firm Kaspersky Lab is seen at its headquarters in Moscow, Russia September 15, 2017. REUTERS/Sergei Karpukhin

WASHINGTON (Reuters) – Israeli intelligence officials spying on Russian government hackers found they were using Kaspersky Lab antivirus software that is also used by 400 million people globally, including U.S. government agencies, according to media reports on Tuesday.

The Israeli officials who had hacked into Kaspersky’s network over two years ago then warned their U.S. counterparts of the Russian intrusion, said The New York Times, which first reported the story. http://nyti.ms/2yev8Vj

That led to a decision in Washington only last month to order Kaspersky software removed from government computers.

The Washington Post also reported on Tuesday that the Israeli spies had also found in Kaspersky’s network hacking tools that could only have come from the U.S. National Security Agency. http://wapo.st/2i2clXa

After an investigation, the NSA found that those tools were in possession of the Russian government, the Post said.

And late last month, the U.S. National Intelligence Council completed a classified report that it shared with NATO allies concluding that Russia’s FSB intelligence service had “probable access” to Kaspersky customer databases and source code, the Post reported.

That access, it concluded, could help enable cyber attacks against U.S. government, commercial and industrial control networks, the Post reported.

The New York Times said the Russian operation, according to multiple people briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, which had Kaspersky antivirus software installed on it.

It is not yet publicly known what other U.S. secrets the Russian hackers may have discovered by turning the Kaspersky software into a sort of Google search for sensitive information, the Times said.

The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules, the Times said.

The newspaper said the National Security Agency and the White House declined to comment, as did the Israeli Embassy, while the Russian Embassy did not respond to requests for comment.

The Russian embassy in Washington last month called the ban on Kaspersky Lab software “regrettable” and said it delayed the prospects of restoring bilateral ties.

Kaspersky Lab denied to the Times any knowledge of, or involvement in, the Russian hacking. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company said in a statement on Tuesday.

Eugene Kaspersky, the company’s co-founder and chief executive, has repeatedly denied charges his company conducts espionage on behalf of the Russian government.

Kaspersky spokeswoman Sarah Kitsos told the Washington Post on Tuesday that “as a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.” She said the company “does not possess any knowledge” of Israel’s hack, the Post said.

U.S. intelligence agencies have concluded that Russian President Vladimir Putin ordered a multipronged digital influence operation last year in an attempt to help Donald Trump win the White House, a charge Moscow denies.

(Reporting by Eric Walsh; editing by Grant McCool)

Exclusive: SEC’s corporate filing system vulnerable to denial of service attacks – memo

FILE PHOTO: The seal of the U.S. Securities and Exchange Commission hangs on the wall at SEC headquarters in Washington, DC, U.S. on June 24, 2011. REUTERS/Jonathan Ernst/File Photo

By Sarah N. Lynch and Jim Finkle

(Reuters) – The U.S. Securities and Exchange Commission (SEC), Wall Street’s top regulator, has discovered a vulnerability in its corporate filing database that could cause the system to collapse, according to an internal document seen by Reuters.

The SEC’s September 22 memo reveals that its EDGAR database, containing financial reports from U.S. public companies and mutual funds, could be at risk of “denial of service” attacks, a type of cyber intrusion that floods a network, overwhelming it and forcing it to close.

The discovery came when the SEC was testing EDGAR’s ability to absorb monthly and annual financial filings that will be required under new rules adopted last year for the $18 trillion mutual fund industry.

The memo shows that even an unintentional error by a company, and not just hackers with malicious intentions, could bring the system down. Even the submission of a large “invalid” form could overwhelm the system’s memory.

The defect comes after the SEC’s admission last month that hackers breached the EDGAR database in 2016.

The discovery will likely add to concerns about the vulnerability of the SEC’s network and whether the agency has been adequately addressing cyber threats.

The mutual fund industry has long had concerns that market-sensitive data required in the new rules could be exploited if it got into the wrong hands.

The industry has since redoubled its calls for SEC Chairman Jay Clayton to delay the data-reporting rules, set to go into effect in June next year, until it is reassured the information will be secure.

“Clearly, the SEC should postpone implementation of its data reporting rule until the security of those systems is thoroughly tested and assessed by independent third parties,” said Mike McNamee, chief public communications officer of The Investment Company Institute (ICI), whose members manage $20 trillion worth of assets in the United States.

“We are confident Chairman Clayton will live up to his pledge that the SEC will take whatever steps are necessary to ensure the security of its systems and the data it collects.”

An SEC spokesman declined to comment.

The rules adopted last year requiring asset managers to file monthly and annual reports about their portfolio holdings were designed to protect them in the event of a market crisis by showing the SEC and investors that they have enough liquidity to cover a rush of redemptions.

During a Congressional hearing on Wednesday, Clayton testified that the agency was considering whether to delay the rules in light of the cyber concerns. He did not, however, mention anything about the denial of service attack vulnerability.

VIRTUAL VOMIT

EDGAR is the repository for corporate America, housing millions of filings ranging from quarterly earnings to statements on acquisitions.

It is a virtual treasure trove for cyber criminals who could trade on any information gleaned before it is publicly released.

In the hack disclosed last month involving EDGAR, the SEC has said it now believes the criminals may have stolen non-public data for illicit trading.

The vulnerability revealed in the September memo shows that even an invalid form could jam up EDGAR.

The system did not immediately reject the form, the memo says. Rather, “it was being validated for hours before failing due to an invalid form type.”

That conclusion could spell trouble for the SEC’s EDGAR database because it means that if hackers wanted to, they could “basically take down the whole EDGAR system” by submitting a malicious data file, said one cyber security expert with experience securing networks of financial regulators who reviewed the letter for Reuters.

“The system would consume the data and essentially throw up on itself,” the person added.

(Reporting by Sarah N. Lynch in Washington and Jim Finkle in Toronto; Editing by Carmel Crimmins)

German companies see threefold rise in cyber attacks, study finds

A man types into a keyboard during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus

BERLIN (Reuters) – The number of German companies targeted by cyber attacks in the past three years has tripled compared with the three years to 2015 and the figure is growing steadily, a study showed on Thursday.

From the 450 German companies surveyed by the audit and consulting company EY, 44 percent said they had been spied on. But Bodo Meseke, an expert at EY, said many companies did not notice attacks.

The study found that 67 percent of managers at larger enterprises – those with a turnover of more than one billion euros ($1.17 billion) – expect a significant increase in the number of attacks on their businesses.

Managers see the biggest danger coming from Russia, followed by China, and the United States.

“Recently, the threat increased rapidly again and it comes from different sides. In addition to intelligence services and (business) competitors, organized crime is increasingly becoming an adversary,” Meseke said.

A separate study by the Allensbach polling institute for Deloitte also published on Thursday showed that 27 percent of executives in medium and large companies said their businesses were exposed to IT attacks every day.

Four years ago, 12 percent suffered daily attacks.

The Allensbach study, based on interviews with politicians and companies, found that 97 percent of respondents saw a large-scale hacker attack to be “at least” or “very” probable.

Three-quarters of those questioned perceive a major cyber attack risk that would target infrastructure facilities such as electricity grids or hospitals and just as many contamination by computer viruses.

(Reporting By Riham Alkousaa, editing by David Evans)

Yahoo says all three billion accounts hacked in 2013 data theft

Yahoo says all three billion accounts hacked in 2013 data theft

By Jonathan Stempel and Jim Finkle

(Reuters) – Yahoo on Tuesday said that all 3 billion of its accounts were hacked in a 2013 data theft, tripling its earlier estimate of the size of the largest breach in history, in a disclosure that attorneys said sharply increased the legal exposure of its new owner, Verizon Communications Inc <VZ.N>.

The news expands the likely number and claims of class action lawsuits by shareholders and Yahoo account holders, they said. Yahoo, the early face of the internet for many in the world, already faced at least 41 consumer class-action lawsuits in U.S. federal and state courts, according to company securities filing in May.

John Yanchunis, a lawyer representing some of the affected Yahoo users, said a federal judge who allowed the case to go forward still had asked for more information to justify his clients’ claims.

“I think we have those facts now,” he said. “It’s really mind-numbing when you think about it.”

Yahoo said last December that data from more than 1 billion accounts was compromised in 2013, the largest of a series of thefts that forced Yahoo to cut the price of its assets in a sale to Verizon.

Yahoo on Tuesday said “recently obtained new intelligence” showed all user accounts had been affected. The company said the investigation indicated that the stolen information did not include passwords in clear text, payment card data, or bank account information.

But the information was protected with outdated, easy-to-crack encryption, according to academic experts. It also included security questions and backup email addresses, which could make it easier to break into other accounts held by the users.

Many Yahoo users have multiple accounts, so far fewer than 3 billion were affected, but the theft ranks as the largest to date, and a costly one for the internet pioneer.

Verizon in February lowered its original offer by $350 million for Yahoo assets in the wake of two massive cyber attacks at the internet company.

Some lawyers asked whether Verizon would look for a new opportunity to address the price.

“This is a bombshell,” said Mark Molumphy, lead counsel in a shareholder derivative lawsuit against Yahoo’s former leaders over disclosures about the hacks.

Verizon did not respond to a request for comment about any possible lawsuit over the deal.

Verizon, the likely main target of legal actions, also could be challenged as it launches a new brand, Oath, to link its Yahoo, AOL and Huffington Post internet properties.

In August in the separate lawsuit brought by Yahoo’s users, U.S. Judge Lucy Koh in San Jose, California, ruled Yahoo must face nationwide litigation brought on behalf of owners accounts who said their personal information was compromised in the three breaches. Yanchunis, the lawyer for the users, said his team planned to use the new information later this month to expanding its allegations.

Also on Tuesday, Senator John Thune, chairman of the U.S. Senate Commerce Committee, said he plans to hold a hearing later this month over massive data breaches at Equifax Inc <EFX.N> and Yahoo. The U.S. Securities and Exchange Commission already had been probing Yahoo over the hacks.

The closing of the Verizon deal, which was first announced in July, had been delayed as the companies assessed the fallout from two data breaches that Yahoo disclosed last year. The company paid $4.48 billion for Yahoo’s core business.

A Yahoo official emphasized Tuesday that the 3 billion figure included many accounts that were opened but that were never, or only briefly, used.

The company said it was sending email notifications to additional affected user accounts.

The new revelation follows months of scrutiny by Yahoo, Verizon, cybersecurity firms and law enforcement that failed to identify the full scope of the 2013 hack.

The investigation underscores how difficult it was for companies to get ahead of hackers, even when they know their networks had been compromised, said David Kennedy, chief executive of cybersecurity firm TrustedSEC LLC.

Companies often do not have systems in place to gather up and store all the network activity that investigators could use to follow the hackers’ tracks.

“This is a real wake up call,” Kennedy said. “In most guesses, it is just guessing what they had access to.”

(Reporting by Munsif Vengattil, Jim Finkle, Jim Christie, Jon Stempel, and David Shepardson; writing by Stephen Nellis in San Francisco; Editing by Andrew Hay and Lisa Shumaker)

Equifax apologizes as U.S. watchdog calls for more oversight

FILE PHOTO: Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell/File Photo

By John McCrank

(Reuters) – Equifax Inc promised to make it easier for consumers to control access to their credit records in the wake of the company’s massive breach after the top U.S. consumer financial watchdog called on the industry to introduce such a system.

Equifax’s interim chief executive officer, Paulino do Rego Barros Jr., vowed to introduce a free service by Jan. 31 that will let consumers control access to their own credit records.

Barros, who was named interim CEO on Tuesday as Richard Smith stepped down from the post amid mounting criticism over the handling of the cyber attack, also apologized for providing inadequate support to consumers seeking information after the breach was disclosed on Sept. 7. He promised to add call-center representatives and bolster a breach-response website.

“I have heard the frustration and fear. I know we have to do a better job of helping you,” Barros said in a statement published in The Wall Street Journal.

Equifax announced the free credit freeze service after the Consumer Financial Protection Bureau’s (CFPB) director, Richard Cordray, told CNBC earlier in the day that the agency would beef up oversight of Equifax and its rivals.

“The old days of just doing what they want and being subject to lawsuits now and then are over,” Cordray said.

He also called for implementing a scheme of preventive credit monitoring.

“They are going to have to accept that. They are going to have to welcome it. They are going to have to be very forthcoming,” Cordray said.

The Equifax hack compromised sensitive data of up to 143 million Americans and prompted investigations by lawmakers and regulators, including the New York Department of Financial Services (DFS), which issued a subpoena to Equifax demanding more information about the breach.

Federal laws give the CFPB the power to supervise and examine large credit-reporting firms to ensure the quality of information they provide. In January, the CFPB fined TransUnion and Equifax $5.5 million in total for deceiving customers about the usefulness and cost of their credit scores.

Cordray called for expanded powers to cover data security to prevent breaches and suggested placing monitors inside credit reporting firms, borrowing a tactic from the regulatory regime for banks.

The CFPB is working with the Federal Trade Commission and New York’s DFS on a new regulatory framework, Cordray said. He also called for Congress to tighten oversight of the industry.

TransUnion said in a statement that it had “long been subject to regulatory oversight from state and federal regulators including the CFPB.”

Experian did not respond to requests for comment.

(Reporting by John McCrank in New York; Additional reporting by Lisa Lambert in Washington and Jim Finkle in Toronto; Writing by Michelle Price; Editing by Tom Brown and Leslie Adler)

Where consumers should turn after the Equifax breach

FILE PHOTO: Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell/File Photo

By Gail MarksJarvis

NEW YORK (Reuters) – There is a widespread sense of fear hanging over consumers in the aftermath of the data breach at credit-monitoring firm Equifax revealed in early September that approximately 143 million consumers’ personal and financial records were exposed.

It would be bad enough if people were merely worried about crooks using their Social Security numbers to empty their bank accounts or steal tax refunds. But they also have a feeling of defenselessness as they come to the realization that they cannot even trust where to go for help.

“Trust has vanished completely,” says Neal O’Farrell, executive director of the Identity Theft Council. “If you don’t know who to trust anymore, you don’t even know who to go to for help.”

A worried Chicago resident echoed this in an email after going to the Equifax website to get a credit freeze: “I received the follow-up email a few days ago and had to give the last four digits of my Social Security number and answer some credit questions from my credit history. Now I am wondering if even that email response to my filing for the freeze is even legitimate. I’ve become paranoid about giving any information over the Internet.”

While the main Equifax line (1-866-349-5191) consistently gives out a busy signal if you seek an agent, cyber security experts believe that technologically clever crooks could be creating phony emails and websites that look legit.

The emails may appear to be from the four credit bureaus – Equifax, Experian, TransUnion and Innovis – or financial institutions, credit monitoring firms and even the government.

“Scammers will use realistic-looking sites,” said John Krebs, who heads the Federal Trade Commission’s identity theft program. “Emails may create a sense of urgency so people click on a link.”

But clicking on a link can allow scammers to infiltrate your computer and get your data, if they do not have it already. To stay safe, do not answer questions in emails or phone numbers in those emails, said Krebs. Instead, look up a main number for that institution and call them directly.

You can find contacts at the Federal Trade Commissions website on identity theft (https://identitytheft.gov/Top-Company-Contacts).

BEWARE OF SPOOFS

In one example of vulnerability, a spoof site was created recently to look just like the actual Equifax site (equifaxsecurity2017.com) where people could ask whether their Social Security numbers were stolen. It was so convincing that at one point, an Equifax representative on Twitter mistakenly directed people to the fake site, said Brian Krebs, an investigative reporter for KrebsonSecurity.com – and no relation to the FTC’s John Krebs.

Luckily, the fake site was created by an individual simply to show the weaknesses in the system and it was taken down after making its point, Brian Krebs noted.

There are other alarming signs that you are vulnerable even when trying to protect yourself. KrebsOnSecurity.com recently reported that a credit freeze to keep crooks from opening lines of credit may not be as solid as you think.

The site found a weakness on Experian that would allow a crook to start the process of retrieving a PIN and unlocking the freeze simply by using the Social Security numbers and addresses stolen from Equifax.

Some security questions are also included, but Brian Krebs thinks answers would be easy to figure out using Internet searches. In a statement, Experian said the process of retrieving PINs goes beyond that.

Still, with trust shaken, Brian Krebs worries: “People are going to throw up their hands and say, ‘Who cares?’ But that does them no good.”

Instead, he recommends going through the steps to put the freezes on their credit at the four bureaus while keeping a vigilant eye out for the next scam.

(The opinions expressed here are those of the author, a columnist for Reuters.)

(Editing by Beth Pinsker and G Crosse)

Equifax CEO retires following massive cyber attack

The logo and trading information for Credit reporting company Equifax Inc. are displayed on a screen on the floor of the New York Stock Exchange (NYSE) in New York, U.S., September 26, 2017. REUTERS/Lucas Jackson

By Dustin Volz and John McCrank

(Reuters) – Equifax Inc said on Tuesday its Chief Executive Officer Richard Smith will step down and forgo his annual bonus, a move that came weeks into a mounting crisis at the credit-monitoring firm stemming from a massive data breach.

Equifax is being investigated by the U.S. Federal Trade Commission, and faces a barrage of questions from Congress and public ire over what has widely been viewed as a bungled response to a hack that exposed the personal details of up to 143 million U.S. consumers.

The credit-monitoring firm disclosed on Sept. 7 that hackers had access to its systems between mid-May and July.

The announcement that Smith, 57, would depart came ten days after the company said its chief information officer and chief security officer were retiring.

Shares of Equifax were down 1.6 percent at $103.35 early on Tuesday.

“At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” Smith said in a statement.

Paulino do Rego Barros, 61, who was most recently president of Equifax’s Asia-Pacific operations, will be interim CEO.

The announcement comes a week before Smith was expected to testify before multiple congressional committees about the cyber attack.

A spokeswoman for the U.S. House Energy and Commerce Committee said Smith, whose retirement was effective on Tuesday, would still testify before the panel on Oct. 3. The Senate Banking Committee did not immediately respond when asked if Smith would appear as scheduled on Oct. 4.

“Rick Smith is scheduled to testify before Congress. It’s up to the committee to decide if they want another executive,” an Equifax spokeswoman said in an emailed statement. “We will fully cooperate with Congress, as we have since this cybersecurity incident was first disclosed.”

The company and Smith agreed that Equifax will defer any decision related to “any obligations or benefits” owed to him until the company’s board completes an independent review of the breach, according to a regulatory filing. Smith earned a total of $14.96 million in 2016.

Equifax shares have fallen more than 30 percent since the disclosure of the breach amid mounting criticism from lawmakers, regulators and consumers about the hack and the company’s response to it.

In 2014, Target CEO Greg Steinhafel left the retailer after it was revealed hackers had accessed credit card and personal information belonging to tens of millions of shoppers.

(Reporting by John McCrank in New York, Dustin Volz in Washinton and Supantha Mukherjee in Bengaluru; Editing by Sai Sachin Ravikumar and Meredith Mazzilli)

New York governor wants credit-reporting firms to follow cyber rules

Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell

By Diane Bartz and Suzanne Barlyn

WASHINGTON/NEW YORK (Reuters) – New York Governor Andrew Cuomo said on Monday that he wants credit-reporting firms to comply with the state’s cyber-security regulations, the latest government official to crack down on the industry in the wake of the massive Equifax hack.

Also on Monday, Bloomberg News reported that federal authorities have opened a criminal probe into stock sales by three Equifax Inc <EFX.N> executives before the company disclosed the massive data breach, news that has weighed heavily on the stock price.

The company has said the executives were unaware of the hack when they sold the stock for $1.8 million.

Equifax’s legal woes worsened as the U.S Attorney’s office in Atlanta issued a statement saying it was working with the FBI on a criminal investigation into the breach and theft of personal information.

Equifax shares rose 1.5 percent on Monday after losing about a third of their value since the hack was announced. The Equifax breach discovered on July 29 exposed sensitive data like Social Security numbers of up to 143 million people.

Cuomo said he planned to require all credit-reporting agencies to register with the state and comply with its cyber-security rules.

The proposed regulation would take effect in February, Cuomo said in a statement. If the companies do not register, they risk being barred from doing business with financial companies regulated by New York state.

The state would be able to bar credit-reporting agencies, including TransUnion <TRU.N> and Experian Plc <EXPN.L>, as well as Equifax, from doing business in New York if the state found they engaged in “unfair, deceptive or predatory practices,” Cuomo said.

“The Equifax breach was a wake-up call,” Cuomo said. “And with this action, New York is raising the bar for consumer protections that we hope will be replicated across the nation.”

Proposed regulations are typically subject to a period for public comment before they become final.

A New York state cyber-security regulation, the first of its kind in the United States, took effect on March 1. It requires financial firms to take measures to protect networks and customer data from hackers and disclose cyber events to regulators.

Maine is the only U.S. state that requires credit agencies to register, said William Lund, superintendent of the Maine Bureau of Consumer Credit Protection. But its law does not cover cyber security, an issue the bureau will have to consider, Lund said.

Maine, which has been registering credit-reporting agencies since the 1990s, has 30 such agencies on its roster, ranging from the largest to those dealing with everything from check approval to tenants’ rental histories, he added.

The three credit-reporting agencies did not respond to requests for comment on Cuomo’s plan.

Bloomberg reported on Monday that the U.S. Justice Department is investigating whether Equifax’s chief financial officer, John Gamble, and two other executives broke insider-trading rules by selling stock after the breach was discovered in July and weeks before it was disclosed this month.

Reuters was not able to confirm the Bloomberg report.

Separately, the company issued a statement saying a second Bloomberg report late on Monday about a second cyber attack in March referred to a breach at Equifax payroll unit that was previously reported to regulators, customers and consumers and also been covered by the press.

“Equifax complied fully with all consumer notification requirements related to the March incident. The two events are not related,” the statement said.

(Reporting by Diane Bartz and Suzanne Barlyn; Additional reporting by Sarah N. Lynch, David Shepardson and Dustin Volz; Editing by Jim Finkle, Leslie Adler and Michael Perry)

China beefs up cyber defenses with centralized threat database

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su

BEIJING (Reuters) – China said on Wednesday it will create a national data repository for information on cyber attacks and require telecom firms, internet companies and domain name providers to report threats to it.

The Ministry of Industry and Information Technology (MIIT) said companies and telcos as well as government bodies must share information on incidents including Trojan malware, hardware vulnerabilities, and content linked to “malicious” IP addresses to the new platform.

An MIIT policy note also said that the ministry, which is creating the platform, will be liable for disposing of threats under the new rules, which will take effect on Jan. 1.

Companies and network providers that fail to follow the rules will be subject to “warnings, fines and other administrative penalties”, it said, without giving any details.

The law is the latest in a series of moves by Chinese authorities designed to guard core infrastructure and private enterprises against large-scale cyber attacks.

In June, China’s cyber watchdog formalized a nationwide cyber emergency response plan, which included the construction of a central response system and mandated punitive measures for government units that failed to safeguard the system.

Earlier this year, the same ministry introduced rules requiring state telecommunications firms to take a more active role in removing VPNs and other tools used to subvert China’s so-called Great Firewall.

(Reporting by Cate Cadell; Editing by Richard Borsuk)