Hackers Pocket IBM Secrets in China, File Maine Health Records Elsewhere, and Defraud Elephant Bar Diners

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Ex-IBM employee from China Allegedly Stole Trade Secrets

A former software coder for IBM in China has been accused of trying to sell stolen code to other companies.

He was arrested Dec. 7.

IBM wasn’t named in the complaint. But a LinkedIn profile for Xu said he was employed as a system software developer at IBM during the period in question.

The technology at stake is related to proprietary software the company developed for a system that facilitates faster computer performance.

Xu had access to the source code before voluntarily resigning in May 2014.

That year, the FBI received a tip that someone in China was claiming to have the code and was using it for business negotiations.

An undercover officer posing as an investor contacted Xu.

In March, Xu emailed the officer and another undercover agent about his past experience with the proprietary software and attached some sample code from his prior job.

After Xu offered to remotely install the proprietary software, the FBI in August arranged for a mock computer network to be set up. The files Xu uploaded to it contained a functioning copy of the software.

MaineGeneral Health Suffers Mysterious Data Theft

Someone, at some point, transferred records from MaineGeneral Health to an outside, restricted website.

The hospital disclosed the incident Dec. 8.

The medical center learned from the FBI that certain MaineGeneral data was found on an external website unavailable to the general public. The hospital is currently working to learn the source and extent of the data breach.

On Nov. 13, MaineGeneral president Chuck Hays got a call from the FBI informing him of the attack.

The external website involved in the incident is accessible only to those with a valid username and password.

According to the FBI, the hack was connected to an ongoing investigation. 

Indie Music Distributor TuneCore Gets Popped

TuneCore CEO Scott Ackerman notified all users around midnight Dec. 4 their accounts had been hacked.

"We recently discovered suspicious activity on TuneCore's servers in November," he said in an email to customers. The intruder extracted the data Nov. 17.

It appears passwords stored on the compromised servers weren’t strongly encrypted.

“Although TuneCore passwords were stored in a protected form, it is possible for a determined hacker, with sufficient time, using advanced computing tools, to recover those passwords,” the company’s website states.

Among other things, the attackers compromised billing addresses; the last four digits of credit card numbers and their expiration dates; bank names; the last four digits of bank account numbers; the last four digits of bank routing numbers; and the name and address associated with the bank account on file.

Crooks Tampered with Payments at Elephant Bar Restaurants

The owner of the dining chain says it learned from a debit and credit card processor in early November about illegal software found on payment systems in certain restaurants.

The potential breach affects customers who made purchases between Aug. 12 and Dec. 4 at almost 30 locations, across seven states.

The sites affected include 20 in California, three in Colorado, two in Arizona and one each in Florida, Missouri, New Mexico and Nevada. 

(Image via A. and I. Kruk/Shutterstock.com)