BREAKING NEWS
 
              

SANTA CLAUS' WORKSHOP, NAUGHTY/NICE LIST DATABASES HACKED, PROPRIETARY DATA AND PII OF BILLIONS EXPOSED

The Grinch, Disgruntled Elves and Anonymous Lead List of Suspects in Data Theft; AppSecInc's TeamSHATTER Tapped to Assist 'WhoDunIt' Investigation

NEW YORK, November 28, 2011 - TeamSHATTER, the research arm of Application Security, Inc. (AppSecInc) today announced that it has been commissioned to assist in the investigation of what is being called the largest, most disturbing and most costly data breach in history - the hack of the databases for Santa's Workshop and Santa Claus' renowned Naughty/Nice list. In a year highlighted by the biggest data security breaches on record, this latest occurrence proves that there are no limits or geographic boundaries to the lengths motivated attackers will go to get what they want.

Details of the incident have not been made public, but authorities have shared a summary of the data types reportedly stolen. They include:

              
  •  • Street addresses of all homes scheduled to be visited by Santa Claus on Christmas Eve and the order of delivery.

  • • Top secret and proprietary travel routes and delivery methodologies detailing how Santa accomplishes the legendary annual feat.

  • • Production plans from Santa's Workshop including the top secret list of the most popular toys and other presents for 2012.

  • • Santa's 2012 appearance schedule, including secure parade routes and details of contractual obligations with every shopping mall in the world.

    • Payroll data for all of Santa's existing and former employees, including names, salaries, social security numbers, bank account numbers, and retirement savings plan information.

    • Data for contracts and bids from all third-party suppliers of materials, workshop  equipment, a proposed new reindeer housing complex, and blueprints for the very first green energy powered sleigh.
        
  • • Santa's famous Naughty/Nice list database including names, home addresses, email addresses, customer notes indicating what they want for Christmas and corresponding shopping patterns and the proprietary classification methodology used by Santa Claus in determining who is placed on which list and why.

A frustrated and distraught Mrs. Claus, chief operations officer for Santa's Workshop exclaimed, "Our entire organization has been compromised. Due to the sensitive nature of the data jeopardized by this breach, Santa's Workshop and its thousands of employees face the very real prospect of being shut down."

Mrs. Claus continued, "The attackers now have access to everything they need to know about our clients, including name, age, address, email address, and most of all, what they want for Christmas. This proprietary information is crucial to the effectiveness of Mr. Claus and his operations and if it falls in the wrong hands, I shudder to think what could happen."

Santa Claus himself further elaborated on the extent of the breach. "We have some very prominent CEOs and Board Members who have gone as far as to send us their wish list for acquisitions in 2012. I'd imagine that level of sensitive information could be very valuable to the competition - so this data theft reaches far beyond how it will affect our North Pole operations and the happiness of the world's children. This breach could impact businesses on a worldwide basis."

Based on the vast amount of data that was wrongfully accessed, speculation on the identity of the perpetrators is rampant. Leading the list of suspects is Santa's long-time adversary and business competitor, The Grinch. The Grinch has been after Santa's data for years and believes it is essential to getting his South Pole upstart fully operational. Earlier this year, The Grinch was tied to the attempted theft of Colonel Sanders' secret recipe in a failed effort to build a fast food empire.

Other suspects include the reportedly disgruntled Santa's Workshop employee, Hermey the Elf, who has long wanted to become a dentist, a desire which has resulted in unrestrained mockery from his fellow elves and Hermey's growing animosity toward them. The hacktivist group Anonymous is also on the suspect list. While it isn't clear what would motivate Anonymous to hack Santa's Workshop, industry rumblings indicate that the masked crusaders are working on behalf of alternative holiday groups, including those representing Festivus.

Based on the condition of anonymity, an AppSecInc representative shared his thoughts, "From nefarious insiders to corporate espionage and nation state attacks, to politically motivated movements, the suspect list is a painful reminder that 2011 will go down as the year of the data breach. I can confirm that AppSecInc's TeamSHATTER is currently involved in the forensic investigation, but I am prohibited from commenting further at this time. What I can say is that the world's databases continue to be under siege and if we don't see a vast improvement in security controls; data security, privacy, and integrity will be a thing of the past."

In an effort to assist with the investigation and better understand who may have breached Santa's Workshop, AppSecInc will be conducting a webinar series that takes a close look at what can be learned from the other high profile and costly data breaches of 2011. The series will explore some of the most common attack methods, the patterns and warning signals that can be readily detected, and tips for how organizations can stop perpetrators' attempts to compromise sensitive data assets. The webinar series will conclude with thoughts on what AppSecInc's experts believe the database security threatscape will look like in 2012.

Mrs. Claus concluded, "We are confident that the database security experts at AppSecInc will be able to help us identify the perpetrators, but more importantly help us put the appropriate process controls in place to monitor all of our sensitive data. We want to ensure that we never experience this again. I only wish that we had contacted them sooner, as we could have avoided this fiasco altogether."

To learn more about the webinar series and the cast of characters suspected of committing this monumental data theft, please visit: http://www.appsecinc.com/santa-breach/.

About Application Security, Inc.
AppSecInc is a pioneer and leading provider of database security solutions for the enterprise. By providing strategic and scalable software-only solutions - AppDetectivePro for auditors and IT advisors, and DbProtect for the enterprise - AppSecInc supports the database security lifecycle for some of the most complex and demanding environments in the world across more than 1,300 active commercial and government customers.

Leveraging the world's most comprehensive database security knowledgebase from the company's renowned team of threat researchers, TeamSHATTER, AppSecInc products help customers achieve unprecedented levels of data security from nefarious or accidental activities, while reducing overall risk and helping to ensure continuous regulatory and industry compliance.

For more information, please visit: www.appsecinc.com | www.teamshatter.com

For a free database vulnerability assessment visit:
http://www.appsecinc.com/downloads/appdetectivepro/

Follow us on Twitter:  www.twitter.com/appsecinc | www.twitter.com/teamshatter

DbProtect and AppDetectivePro are trademarks of Application Security, Inc. All other product names, service marks, and trademarks mentioned herein are trademarks of their respective owners.

 All events portrayed in this press release - even though based on real-life security threats - are entirely fictional and are for illustrative and entertainment purposes only.

###

CONTACT:                                               
Tim Whitman                                                                       
Application Security, Inc.                                                           
twhitman@appsecinc.com 
781-687-1063          

 

  
Register for Our Holiday Webinar Series and WIN Cool Prizes! Click Here to Register!