It has been an unhappy Christmas for Stratfor, a large and supposedly discreet private security company. The US firm is still clearing up the mess caused by computer hackers who broke into its website and published the names, addresses, and credit-card details of thousands of its clients online.
In an attack that it said was inspired by the seasonal tradition of giving, the group known as Anonymous crashed the company's website before using Twitter to circulate the financial information of roughly 4,000 people who subscribe to its services.
The victims were mostly employees of large firms such as Apple, or government agencies including the Air Force and Miami Police Department. The hackers appeared to be using their credit cards to donate money to a selection of charities, in what they described as an effort to "give away" a million dollars.
One Stratfor client, a former staffer at the Texas Department of Banking called Allen Barr, said his details were used to give $700 to such organisations as Save the Children and the Red Cross. "It made me feel terrible; it made my wife feel terrible," he told The Associated Press. "We had to close the account."
Another client, Cody Sultenfuss, who works at the Department for Homeland Security, had his email, telephone number, and card details published on a site linked to Anonymous's Twitter feed. "They took money I did not have," he complained. "Why me? I am not rich."
The ongoing attack shed an awkward light on Stratfor, which, according to its prospectus, provides political, economic and military analysis that helps customers discreetly to reduce their exposure to risk. It charges for access to reports and videos delivered via email, as well as through its password-protected website.
Although it kept a low profile before the weekend, the firm, which is based in Austin, Texas, has some hugely powerful clients. Companies such as Lockheed Martin and Bank of America, along with organisations including the US Air Force, Los Alamos nuclear laboratory, and the United Nations appear on its leaked client list.
Stratfor may deal in sensitive information, but Anonymous claims that it adopted a cavalier attitude towards the security of clients by failing to take the basic step of encrypting the personal details held in its online files. "Not so private and secret anymore!" the hackers declared, in a message on Twitter.
Fred Burton, the company's vice president of intelligence, said he is working with law-enforcement agencies to identify those responsible. He did not disclose whether Stratfor had encrypted its records, but said in the company's defence: "I think the hackers live in this kind of world where once they fixate on you or try to attack you it's extraordinarily difficult to defend against."
Although the affair has undoubtedly caused embarrassment to Stratfor, it remains unclear whether its clients will be damaged financially. In theory, fraudulent charges on a credit card can be swiftly disputed and reversed, meaning that the charities Anonymous set out to benefit may find that their sudden good fortune is short-lived.