The Cybercrime Files- Case #101: The Art Burglars

*This is a true account of a local cybercrime. However, the names of the victims and businesses have been changed to protect their identities. To learn more about Cyber Security Services in Akron, OH click here.


INVESTIGATIVE REPORT

OFFENSE:  Burglary & Data Theft

VICTIM:  JT’s Fine Art Gallery

LOCATION:  Akron, OH

DATE:  12-11-18

LEAD INVESTIGATOR:  Patrick Carroll

NOTES: I arrived at the scene shortly before 10am to meet with gallery owner, JT Clark.

Clark was understandably shaken at the events that had transpired. Clark told me that he had received a telephone call from local police informing him that several of his clients recently had irreplaceable works of art stolen from their homes. Clark was shocked when authorities informed him that his gallery’s IT Network may have played a significant role in these burglaries.

Clark explained that police discovered documents in a suspect’s apartment that listed the estimated values of all art brought into JT’s gallery to be appraised. The appraisals also included information such as customers’ addresses and occupations.

FINDINGS: It did not take long me long to uncover that hackers had infiltrated the gallery’s network (where all appraisals are stored) and stolen sensitive customer data.

Because Clark did not have the proper security measures in place, hackers were able to use automated software to steal employee usernames and passwords. Hackers then logged into Clark’s network and were able to view all appraisals.

The suspects then identified customers who brought in the most valuable pieces of art, wrote down their addresses, and then broke into their homes to steal their art collections.

PREVENTION: To protect Clark’s Network from being hacked again, we put the following security measures in place:

#1: Multi-Factor Authentication: Clark and his employees used simple passwords that were easy to steal. In order to protect them from future hacks we set up multi-factor authentication for all applications, networks, and servers. (Learn more about Multi-Factor Authentication here).

#2: Installed Proper Firewalls

#3: Did a complete network security overhaul and advised Clark and his staff on proper security practices as well as tips on prevention and detection.

CONCLUSIONS: Small businesses like Clark’s often don’t have the necessary security measures in place because they think they’re “too small” to be a target.

In reality, this can’t be further from the truth. Akron Cyber criminals will intentionally target smaller companies because they are frequently easier to hack and don’t believe it can happen to them. JT’s Gallery is just one of many cases we have seen like this.

This crime could have easily been prevented had the proper security measures been put in place. Please, don’t jeopardize your business or your customer’s safety by being complacent with your data protection practices. Data theft really can happen to anyone, including you!

 

Want to learn more? Read Cyber Crime Files Case #102 to learn more about email scams >>

Is your company a target for cyber criminals? Take our free Cyber Security Audit to find out!