Bank Of America Loses 1.2 Million Customer Records
Christopher Reimer writes "C|Net is reporting that Bank of America lost 1.2 million customer records when some backup tapes went missing while being shipped to a backup center. The lost records mainly affect U.S. government employees involved in the SmartPay program. From the article: 'The acknowledgment comes as several other cases of businesses losing consumer information have come to light.'"
I wonder who got all the data now. Losing stuff is bad but finding stuff in the wrong hands is much worse.
Now, I generally frown on lawsuits, but this is one type of case where it works. The people on these lists need to start filing class action lawsuits against these companies. Large corporations only feel something when they lose money; maybe it would send the message that you will be held accountable if you do not take security seriously.
As we all know, nothing is as valuable as our information.
But aren't the backups encrypted? Right?
When businesses started collecting huge amounts of detailed data via the web in the mid-1990s, it was clear where we were heading:
1. unlimited storage capacity meant complex and detailed records could be kept on every person.
2. guaranteed incompetence meant these records would be abused, lost, exposed and manipulated.
I don't see either of these trends changing.
Applies to both commercial and governmental databases. Chaos, mess, confusion, abuse, on a huge and ever-increasing scale.
Welcome to the 21st century. You can opt out by unchecking the "Connect to the Internet" box about 10 years ago...
Sig for sale or rent. One previous user. Inquire within.
-kgj
These were data tapes. Been in use long before the Internet, and, almost certainly, have been going missing long before the Internet. Could just as well have happened with old-fashioned ledgers in 1910.
For all we know, they were stolen out of the back of some truck and lifted by the overnight cleaning crew.
-- Slashdot: When Public Access TV Says "No"
These two statements seem to be at odds with each other:
"We deeply regret this unfortunate incident," Barbara Desoer, who is in charge of technology, service and fulfillment for the Charlotte-based bank, said in a statement. "The privacy of customer information receives the highest priority at Bank of America, and we take our responsibilities for safeguarding it very seriously."
Sen. Charles Schumer, a New York Democrat, told Reuters that he had been informed by the Senate Rules Committee that the data tapes were likely stolen off a commercial plane by baggage handlers.
So - they are so concerned about maintaining the security of their data that they gave it (in a very nondescript way, mind you) to a group of people outside of their organization who have a history of struggling with integrity.
yippee...
Then they might just get a freakin clue.
I doubt that you meant it that way, but your post has rubbed me the wrong way. Yours is just the latest in a long-running series of similar posts where the blame for a situation is redirected at the victim.
The tapes were believed to be stolen by airport baggage handlers during shipment to BoA's offsite facility, likely another datacenter. It's still under investigation so the news agencies are not yet able to accurately report exactly what happened.
By all accounts BoA has made reasonable effort to protect its data, its tapes and its customers. BoA, and by proxy its customers, are the victim of theft. The blame lies squarely on the shoulders of the thieves and nowhere else.
In ANY incident, there will always be something more that could have been done to prevent the incident from happening. But it becomes a question of reasonable care. Was reasonable care taken? It certainly seems as if it was in this case.
Let's put the blame where it belongs. Don't redirect the blame to the victims.
Yes, and they would most certainly take steps to protect themselves. What that would do for the rest of us is anyone's guess.
The higher the technology, the sharper that two-edged sword.
Sure, the senators are outraged that this happened. But they should be even more outraged that BoA chose to use a method so cheap to transfer critical data.
Quite a lot of 'critical data' and other items is moved on commercial airlines every day. Backup data such as this, organ transplants, diplomatic pouches, etc.
The airline is merely a subcontractor of BoA, charged with moving the stuff from A to B. An organization cannot handle everything in-house. Quite a lot of functions are subcontracted out. The only more secure way would be for BoA to own and operate their own fleet of transport aircraft, with their own baggage handlers, and the data moved from the data center to the airport by their own security personnel, in their own armored trucks.
Same for a hospital. If they have to send your records somewhere, should they have to do it on their own aircraft?
When I was arrested for bank robbery, part of the process involved a pre-sentencing interview by the Parole Department. I told them I worked at BOFA for two and a quarter years from January 1985 to April of 1987.
When they contacted BOFA to verify this, BOFA could not find any record I'd worked there, either under my name or SSN.
At the sentencing hearing, my PD told the judge he was prepared to produce names of supervisors, etc., to verify I had worked there. The judge decided that was unnecessary, commenting "It really makes you wonder how well they're keeping your money."
If they can't find employees, I'm sure they have no trouble losing customers.
BOFA is your typical big corporation - worse, a big bank. This means virtually everyone in the organization is incompetent and couldn't care less about their job.
As an example, I worked on customer support of the Microstar cash management system sold by BOFA's Automated Treasury Services Division to Fortune 1000 corporation treasury departments. This software package included a subsystem from a third party company which was riddled with bugs. When we in support were advised that the rest of that company's package was to be purchased and resold to replace the in-house developed part of the system, we advised against it. Ignoring us, management went ahead which resulted in 400 bugs in the bug database after rollout.
In the meantime, management concluded that the market for this package was "saturated" (no such thing in software - you upgrade and resell - where would Microsoft be if they thought the market was "saturated" after Windows 3.1?), so they either re-assigned or laid everybody off. The managers were promoted, and everybody else got dumped (or fired, in my case.)
So, yes, no surprise these morons lose customers.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!