Article Details

Names, bank info, and more spills from top sperm bank. Cyber-crime is officially getting out of hand. One of the world's largest sperm banks, California Cryobank, is in a sticky situation. It's had to tell folks their sensitive information, including names and bank account numbers, was likely stolen from it by digital intruders. The IT break-in occurred between April 20 and April 22, last year, according to a notification filed this month with the US state's attorney general's office. California Cryobank spotted unauthorized activity on certain computers on April 21, isolated the affected machines, and launched an investigation.  The sperm bank hasn't disclosed how many individuals were affected, but says the files potentially accessed or acquired include names, Social Security numbers, driver's license numbers, financial account details, and health insurance information [PDF].  California Cryobank has touted itself as having the largest sperm supply in the world, distributing to all 50 US states and more than 30 countries internationally. The biz did not immediately respond to The Register's questions about the break-in, including how many customers were affected and if the miscreants deployed ransomware and demanded an extortion payment. One wonders why it's taken almost a year for this all to come to light, so to speak. Stolen financial account details, paired with names and Social Security numbers, are always a hot commodity on cybercrime forums, making it easy for would-be identity thieves to commit online fraud. But even the exposure of sperm donors' or recipients' names would pose a serious privacy risk, given the sensitive nature of these services and the likelihood that neither party wants their involvement made public. Recently, ransomware crews and other cybercriminals have increasingly targeted sensitive medical data — including plastic surgery patients' personal info and photos as well as a cancer patient's nudes — and used this stolen data to pressure medical facilities into paying an extortion demand. Following the security breach, California Cryobank claims it's beefed up its defenses to prevent another stain on its security record. "We have implemented, and will continue to adopt, additional safeguards and technical security measures to further protect and monitor our systems," the letter sent to affected customers reads.  Plus, it's offering the requisite 12 months of free membership of identity protection services to the affected customers. We'd suggest hiring a few penetration testers as well.