California hacker charged with data theft, extortion over Maserati breach

He allegedly stole customer data from Web site, then asked company to 'buy my silence'

By Jaikumar Vijayan

September 23, 2008 12:00 PM ET

Comments

Top Stories

Computerworld - A resident of Solana Beach, Calif., has been charged with stealing customer data from luxury car seller Maserati North America Inc. and then trying to extort money from the company by threatening to publicly disclose the details of the system intrusion.

Bruce Mengler was arraigned yesterday on five charges, including extortion and illegally accessing a protected computer. He pleaded not guilty to the charges and is scheduled to appear for another hearing in U.S. District Court for the Southern District of California late next month.

Court papers filed by prosecutors in connection with the case allege that Mengler accessed data about Maserati North America customers in March by using an automated program to guess PINs that the company provided to customers for logging into a promotional Web site. Once his program successfully identified a PIN, prosecutors claim, he would use it to log into the Web site and then download the customer data associated with that PIN, basically consisting of a person's name and address.

Next, Mengler tried to extort money from Maserati North America in exchange for his silence about the data breach, according to the court documents. Prosecutors said that in an e-mail sent to officials at the Englewood Cliffs, N.J.-based company two days after he stole the data, Mengler told them that he had "mined" the Web site and downloaded the names and addresses of most of Maserati's customers in the San Diego area.

"Would you like this lack of security & privacy to become public knowledge?" Mengler is alleged to have asked in his e-mail. "If you would like to buy my silence, make me an offer I can't refuse."

In other e-mails, Mengler threatened to "blast" the information that he had obtained to media organizations around the country if he wasn't paid off and wondered whether the company's "brain dead web implementation" had been corrected. He boasted that he had more than 2,600 customer records and threatened to make them available to Maserati's competitors.

"What dollar amount is each name worth to Maserati to not be released to the public?" Mengler asked in one of his messages, according to the court filings.

Maserati North America officials didn't immediately return a call seeking comment about the incident and Mengler's arraignment.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Mengler

Additional Resources

WHITE PAPER

Do You Know the 7 Steps to Successful Data Migration?

Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.

WHITE PAPER

Total Cost of Ownership of Server Computing Vs. PCs

Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.

WHITE PAPER

IDC White Paper: Linux in a Global Recession

Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.