Computerworld - A resident of Solana Beach, Calif., has been charged with stealing customer data from luxury car seller Maserati North America Inc. and then trying to extort money from the company by threatening to publicly disclose the details of the system intrusion.
Bruce Mengler was arraigned yesterday on five charges, including extortion and illegally accessing a protected computer. He pleaded not guilty to the charges and is scheduled to appear for another hearing in U.S. District Court for the Southern District of California late next month.
Court papers filed by prosecutors in connection with the case allege that Mengler accessed data about Maserati North America customers in March by using an automated program to guess PINs that the company provided to customers for logging into a promotional Web site. Once his program successfully identified a PIN, prosecutors claim, he would use it to log into the Web site and then download the customer data associated with that PIN, basically consisting of a person's name and address.
Next, Mengler tried to extort money from Maserati North America in exchange for his silence about the data breach, according to the court documents. Prosecutors said that in an e-mail sent to officials at the Englewood Cliffs, N.J.-based company two days after he stole the data, Mengler told them that he had "mined" the Web site and downloaded the names and addresses of most of Maserati's customers in the San Diego area.
"Would you like this lack of security & privacy to become public knowledge?" Mengler is alleged to have asked in his e-mail. "If you would like to buy my silence, make me an offer I can't refuse."
In other e-mails, Mengler threatened to "blast" the information that he had obtained to media organizations around the country if he wasn't paid off and wondered whether the company's "brain dead web implementation" had been corrected. He boasted that he had more than 2,600 customer records and threatened to make them available to Maserati's competitors.
"What dollar amount is each name worth to Maserati to not be released to the public?" Mengler asked in one of his messages, according to the court filings.
Maserati North America officials didn't immediately return a call seeking comment about the incident and Mengler's arraignment.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
