Thursday, 23 March 2017
Last updated 9 hours ago
Jul 7 2014 | 9:11am ET
A major cybersecurity breach at a hedge fund that struck fear into the industry and prompted a U.S. regulatory response didn’t actually happen.
The alleged attack, announced last month by BAE Systems’ Paul Henninger, was only an “illustrative scenario” that had been “incorrectly presented,” the London-based company—which offers network-security services—admitted last week.
“Although the example was a plausible scenario, we believe that it does not relate to a specific company client,” BAE spokeswoman Natasha Davies told Bloomberg News. “We sincerely apologize for this inaccuracy. We are taking the necessary action to ensure this type of error does not occur again.”
Henninger had claimed that a “major” U.S. hedge fund—which he did not name—had suffered a hacking attack last January. The alleged raid lasted two months and cost the firm millions, delaying trades and compromising its trade secrets, Henninger said.
“This was something that was getting reviewed at the board level of this hedge fund precisely because it was having a material impact on performance across the portfolio,” he added, noting that the attack began when a staffer opened a phishing email.
The claim contributed to the Center for Financial Stability and Federal Bureau of Investigation partnering to “better assess emerging risks and facilitate coordination surrounding cybersecurity and threats.” The CFS cited “news about cyber-attacks against a major unnamed hedge fund” in its June 24 announcement.
For his part, Henninger is “taking some time away from the business,” Davies said. He remains employed by the company.