[ISN] Hacker break-in forces firm to issue results early

From: InfoSec News (isnat_private)
Date: Fri Feb 15 2002 - 02:02:48 PST

  • Next message: InfoSec News: "[ISN] Was Cigital security warning too hasty?"

    Forwarded from: Matt Southworth <southat_private>
    By Tim Hepher
    AMSTERDAM Buhrmann, the world's top office products supplier,
    acknowledged a flaw in its Internet security on Thursday after a
    hacker broke into its Web site and forced it to publish a 51 percent
    fall in profits a day early.
    Buhrmann, which makes 12 percent of its revenue over the Web,
    published its results on Wednesday evening after saying it had been
    contacted by a radio journalist who had found out they were accessible
    in what should have been a secure Internet area.
    "We thought it was secure, but apparently it wasn't," Chief Executive
    Frans Koffrie told a news conference called to present the results
    which, although bleak, were much as the market had expected after
    being well flagged by two profit warnings.
    The leak came after the Amsterdam bourse had closed on a day when
    there had been a rise of 10 percent in Buhrmann's share price on
    double the normal volume. The shares fell back as much as six percent
    in even higher volume on Thursday.
    Koffrie said the leak could not have seeped into the Amsterdam market,
    because the information had not been fed into the maintenance system
    that was penetrated until after the bourse closed. The company is
    investigating how security was broken, he added.
    He said the share rise was probably caused by a strong statement from
    U.S. rival Office Depot earlier that day. Office Depot stock rose 14
    percent after it reported a swing back into profit.
    A Euronext spokesman said the exchange was satisfied the company had
    acted promptly to make sure all investors knew about the results as
    soon as it found out about the high-tech leak.
    Buhrmann's New York-listed stock was trading at that time but the
    company said there had been no evidence of any unusual activity that
    might have forced it to request a suspension.
    Euronext can refer high volumes or price movements driven by no
    apparent news to Dutch stock regulator STE for investigation, but it
    declined to say whether that would happen in this case.
    An industry source however said the Buhrmann share activity on
    Wednesday fell inside the category of possibly suspicious trades that
    would normally end up on the regulator's desk.
    The STE said it was aware of unusual volumes in Buhrmann trading but
    declined to say whether it would investigate, nor whether there could
    be a possible link with the security breach on Buhrmann's results.
    "We are aware of this trading in Buhrmann but this does not mean this
    will lead to an investigation. We cannot comment on whether there will
    be an investigation," an STE spokesman said.
    The web security lapse capped a generally miserable year for Buhrmann,
    whose Web site vaunts its modern Internet technology.
    It has seen its shares plunge around 60 percent through two profit
    warnings and a downturn in demand for office products as the economy
    turns sour and fewer companies expand.
    Shares in Buhrmann were down 6.55 percent at 12.12 euros by 1510 on
    Thursday. Volume was more than three times the 30-day average with 1.1
    percent of the capital changing hands.
    Buhrmann, which sells products ranging from floppy disks to filing
    cabinets and makes half its sales in the United States, slashed its
    dividend to 0.16 euros per share from 0.60 euros.
    EPS before goodwill fell to 1.02 euros from 2.10 euros in 2000,
    pipping Buhrmann's own forecast of one euro per share.
    And on a more optimistic note, it reiterated it expected higher net
    ordinary profit in 2002 barring severe economic news.
    Buhrmann said operational margins had already picked up in the fourth
    quarter, partly because of cost cuts achieved by integrating
    acquisitions like U.S. Office Products and Samas, a process which is
    expected to be completed by mid-2002.
    Matt Southworth                 Three Five Oh One Two Five Go!
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Feb 15 2002 - 05:10:21 PST