Friday, December 16, 2016



Complete DHS Report for December 16, 2016

Daily Report                                            

Top Stories

• The former president of the Bank of Union (BOU) in El Reno, Oklahoma, was charged December 13 after he and 4 co-conspirators allegedly caused the bank over $100,000,000 in losses. – U.S. Attorney’s Office, Western District of Oklahoma See item 2 below in the Financial Services Sector

• Federal officials approved December 13 a guilty plea and an $11.2 million settlement with a ConAgra Foods, Inc. subsidiary to resolve an investigation into a 2006 Salmonella outbreak linked to the firm’s Peter Pan peanut butter that sickened at least 625 people in 47 States. – Associated Press

11. December 13, Associated Press – (National) ConAgra to pay $11.2M to settle tainted peanut butter case. The U.S. Department of Justice approved December 13 a guilty plea and an $11.2 million settlement with a ConAgra Foods, Inc. subsidiary to resolve an investigation into a 2006 Salmonella outbreak linked to the firm’s contaminated Peter Pan peanut butter that sickened at least 625 people in 47 States. Source: http://www.cbs8.com/story/34037383/conagra-to-pay-112m-to-settle-tainted-peanut-butter-case

• About 200,000 gallons of untreated wastewater spilled into Bear Creek in Mocksville, North Carolina, December 13 due to a force main break. – Salisbury Post

14. December 14, Salisbury Post – (North Carolina) 200,000 gallons of wastewater spills into Mocksville’s Bear Creek. A force main break near a tributary of Bear Creek in Mocksville, North Carolina, caused an estimated 200,000 gallons of untreated wastewater to spill into the creek in the South Yadkin River Basin December 13. Officials stated the force main break occurred after friction from rocks caused a pipe to fail.  Source: http://www.salisburypost.com/2016/12/14/200000-gallons-wastewater-spills-mocksvilles-bear-creek/

• Yahoo Inc. reported December 14 that the data associated with more than 1 billion user accounts may have been compromised in an August 2013 breach. – SecurityWeek See item 20 below in the Information Technology Sector

Financial Services Sector

2. December 14, U.S. Attorney’s Office, Western District of Oklahoma – (Oklahoma) Former bank president indicted in connection with $100,000,000 bank failure. The former president of the Bank of Union (BOU) in El Reno, Oklahoma, was charged December 13 after he and 4 co-conspirators allegedly defrauded BOU by issuing loans with under secured or unsecured collateral and falsifying financial statements for several bank borrowers, concealing the bank’s true financial condition from the Board of Directors and the Federal Deposit Insurance Corporation (FDIC), and originating nominee loans to circumvent the bank’s legal lending limit, among other fraudulent actions, from 2009 – 2013, which caused the bank more than $100,000,000 in losses. In January 2014, State banking regulators closed BOU due to the losses it incurred as a result of the scheme.
Source: https://www.justice.gov/usao-wdok/pr/former-bank-president-indicted-connection-100000000-bank-failure

Information Technology Sector

19. December 14, SecurityWeek – (International) SAP resolves multiple information disclosure flaws. SAP released its December 2016 security patches, which feature 20 Patch Day Security Notes and updates for 2 previously released notes to resolve a total of 31 vulnerabilities affecting several SAP products, including an information disclosure flaw in SAP Business Objects Explorer which could be leveraged to reveal additional information such as system data or debugging information, among other patched flaws. The updates also resolve three flaws in 2 SAP for Defense Forces & Public Security components that could allow an attacker to read, alter, or delete restricted data.

20. December 14, SecurityWeek – (International) Yahoo says newly discovered hack hit 1 billion accounts. Yahoo Inc. reported December 14 that the data associated with more than 1 billion user accounts may have been compromised in an August 2013 breach after attackers reportedly accessed the company’s proprietary code to learn how to forge cookies. Yahoo officials claimed the breach was conducted by a State sponsored actor and the breach remains under investigation. Source: http://www.securityweek.com/yahoo-says-newly-discovered-hack-hit-1-billion-accounts

21. December 14, Agence France-Presse – (International) Ashley Madison dating site to pay $1.6 million over breach. Ruby Corp., the parent company of the Ashley Madison discrete dating Website, agreed December 14 to pay a $1.6 million penalty to settle charges with the U.S. Federal Trade Commission and State regulators after a hacker group released the data of 36 million users of the Website in 46 countries in 2015. The settlement requires Ashley Madison to implement a wide range of data security practice to better protect its users’ personal information from malicious actors in the future. Source: http://www.securityweek.com/ashley-madison-dating-site-pay-16-million-over-breach

Communications Sector

Nothing to report