Menu
Browse

Cyber Threat Actor: William Reynolds

Actor Type Location Known Incidents
 Icon
Criminal
United States of America
1 incident
Profile

William Reynolds, also known by thealias William Reynolds, is an individual identified as a private investigator operating within the United States of America, with known activity centered in California. He became publicly associated with a cyber incident in April 2014 when he and another investigator, Oliver Glover, admitted to gaining unauthorized access to servers belonging to HQSU Sign Up Services and downloading thousands of confidential files. The compromised data included Social Security numbers, medical records, addresses, and privileged litigation documents belonging to over 32,000 injured workers who were clients of the law firm Reyes & Barsoum L.L.P. The intrusion was allegedly carried out at the direction of three California workers compensation insurers—Berkshire Hathaway Homestate, Cypress Insurance, and Zenith Insurance—who sought to obtain an advantage in ongoing claims disputes and to reduce settlement payouts. This activity demonstrates a clear financial motive tied to the insurance sector’s desire to minimize liability costs, with the geographic focus limited to the state of California and the broader United States. The targeted sectors therefore encompass workers compensation insurance, legal services representing injured workers, and the associated healthcare data of claimants.

The tactics employed by William Reynolds in this incident involved direct unauthorized server access followed by the exfiltration of large volumes of sensitive files, without any reference to malware families, custom tooling, or phishing vectors in the publicly available sources. No evidence points to the use of specific exploit kits, remote access trojans, or command‑and‑control infrastructure; the breach relied instead on legitimate‑appearing credentials or privileges obtained through his role as a private investigator. Attribution remains confined to the individual himself, with no indication of state sponsorship, affiliation with a criminal consortium, or membership in a larger hacking group. The operation is notable as a representative example of how private investigators can be leveraged to conduct illicit data harvesting on behalf of corporate clients seeking financial gain in litigation contexts. The resulting lawsuit and ongoing class action highlight the legal and regulatory repercussions that can follow when such unauthorized access is uncovered, underscoring the intersection of corporate interests, legal discovery processes, and cyber‑security violations.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources