Bank Of America Loses 1.2 Million Customer Records
Christopher Reimer writes "C|Net is reporting that Bank of America lost 1.2 million customer records when some backup tapes went missing while being shipped to a backup center. The lost records mainly affect U.S. government employees involved in the SmartPay program. From the article: 'The acknowledgment comes as several other cases of businesses losing consumer information have come to light.'"
SmartPay program
Doesn't sound so smart right now...
As a US Government employee (US Air Force to be precise) I can tell you that Bank of America is regarded by most of us (us = gov't employees) as a faceless entity that cares nothing for customer service. I doubt this will come as much of a surprise to those of us who have been required by our occupation to associate with them for some time. Maybe now the powers that be will get their collective head out and pick a new bank.
Specialization is for insects. -Heinlein
I wonder who got all the data now. Losing stuff is bad but finding stuff in the wrong hands is much worse.
Now, I generally frown on lawsuits, but this is one type of case where it works. The people on these lists need to start filing class action lawsuits against these companies. Large corporations only feel something when they lose money, maybe it would send the message that you will be held accountable if you do not take security seriously.
As we all know, nothing is as valuable as our information.
But aren't the backups encrypted? Right?
You may recall the recent Choicepoint security breach. Apparently there's profit to be made in between finding out about a security breach and actually announcing it!
ChoicePoint execs sold shares before theft news
ChoicePoint Inc.'s top two executives made a combined $16.6 million in profit from selling company shares in the months after the data warehouser learned that people's personal information may have been compromised and before the breach was made public, regulatory filings show. ChoicePoint's stock has dropped about 10 percent since last week when the company announced that criminals had duped it into allowing them access to its massive database. Alpharetta, Ga.-based ChoicePoint says the stock trading was pre-arranged under a plan approved by the company's board. Corporate governance experts say the pattern and timing of the trading by chief executive Derek Smith and president Douglas Curling raises questions. Smith and Curling did not respond to repeated requests through a spokesman for comment Friday.
Full Story: Twincities.com (Subscription Required - use bugmenot.com)
I'm a big tall mofo.
When businesses started collecting huge amounts of detailed via through the web in the mid 1990's, it was clear where we were heading:
1. unlimited storage capacity meant complex and detailed records could be kept on every person.
2. guaranteed incompetence meant these records would be abused, lost, exposed and manipulated.
I don't see either of these trends changing.
Applies to both commercial and governmental databases. Chaos, mess, confusion, abuse, on a huge and ever-increasing scale.
Welcome to the 21st century. You can opt out by unchecking the "Connect to the Internet" box about 10 years ago...
Sig for sale or rent. One previous user. Inquire within.
GSA Smartpay is a program through which gov't employees are issued what is essentially a company credit card, but the US Gov't is the company. They're used for official purchases, for gas cards for government owned vehicles, etcetera.
The following website explains it in governmentese:
http://www.gsa.gov/Portal/gsa/ep/channelView.do?pageTypeId=8199&channelPage=%2Fep%2Fchannel%2FgsaOverview.jsp&channelId=-13497
Specialization is for insects. -Heinlein
One might easily assume that the executives are profiteering swine, and that the company's board members are colluding at the trough.
Furthermore, ChoicePoint has a
-kgj
Especially from a company that prided itself in TV ads as one that "engineer[s] our own software" because "one error in a billion" in their checking was one too many.
Well, I guess they have at most 999,999,999 more transactions until we know that they've blown their *ahem*commitment to their consumers--unless you count each person affected as an error here, in which case we can probably sue them for false advertising. Or at least utter stupidity.
That said, I bet someone mixed those backup tapes in their bedroom with their pornos, in which case roughly half of the Government officials are thanking teh Bank this morning.
You can hold down the "B" button for continuous firing.
These were data tapes. Been in use long before the Internet, and, almost certainly, have been going missing long before the Internet. Could just as well have happened with old fashioned ledgers in 1910.
For all we know, they were stolen out of the back of some truck and lifted by the overnight cleaning crew.
-- Slashdot: When Public Access TV Says "No"
Either you didn't read the article very well, or it just didn't sink in, given the questions. Quote "lost in shipment to a backup center", to answer the second question, chances are it WAS a secure offsite storage that it was going to. This also answers the first question. Third question too. And finally, for the fourth one, it is routine to make tape backups of large quantities of data and ship to an offsite storage. In the article, it didn't say anything about flying, nor baggage handlers, unless they modified the article from when I read it.
These two statements seem to be at odds with each other:
"We deeply regret this unfortunate incident," Barbara Desoer, who is in charge of technology, service and fulfillment for the Charlotte-based bank, said in a statement. "The privacy of customer information receives the highest priority at Bank of America, and we take our responsibilities for safeguarding it very seriously."
Sen. Charles Schumer, a New York Democrat, told Reuters that he had been informed by the Senate Rules Committee that the data tapes were likely stolen off a commercial plane by baggage handlers.
So - they are so concerned about maintaining the security of their data that they gave it (in a very non-descript way mind you) to a group of people outside of their organization who have a history of struggling with integrity.
yippee...
As this also includes some senators' records, maybe now something will be done about this type of thing.
For the ignorant among us, does anyone know exactly how big a magnetic tape(s) containing 1.2 million customer records are? Are they, say, big enough to fit in a briefcase or are they more on the truckload size?
Since I'm apparently so at risk of having my online identity stolen, I guess it's time to go steal a few myself -- never hurts to have some backup identities!
In Europe this bank would be in major trouble. Does the US seriously not have any laws whatsoever regarding personal information? Even for banks and medical records!? I know there are some states where you have to be told if it's lost but that's pretty pathetic.
This comment does not represent the views or opinions of the user.
I doubt that you meant it that way, but your post has rubbed me the wrong way. Yours is just the latest in a long running series of similar posts where the blame for a situation is redirected at the victim.
The tapes were believed to be stolen by airport baggage handlers during shipment to BoA's offsite facility, likely another datacenter. It's still under investigation so the news agencies are not yet able to accurately report exactly what happened.
By all accounts BoA has made reasonable effort to protect its data, its tapes and its customers. BoA, and by proxy its customers, are the victim of theft. The blame lies squarely on the shoulders of the thieves and nowhere else.
In ANY incident, there will always be something more that could have been done to prevent the incident from happening. But, it becomes a question of reasonable care. Was reasonable care taken? It certainly seems as if it was in this case.
Let's put the blame where it belongs. Don't redirect the blame to the victims.
I have browsed through the comments and I am shocked to see that people's comments show that the only thing that should worry BoA about this issue is the PR problem or if they piss off some VIP by revealing its data. One of them even claimed that the bank could benefit from this.
The data of a company is one of its most important assets, and forever (long before the computer age) the companies have tried to lock it, because it shows everything about its customers, but also it shows everything about the companies themselves.
Now if a bank gets hold of that data, they can browse and find out which are the good customers (a lot of transactions, no problems with payment or delays, big benefits) and try to offer them better conditions than their current ones and which ones are the bad customers (little movement, debts, bad financial situation) and must be rejected if they go to their bank.
Aside from the legal and PR stances, the company's own interest is to protect its data, and it is enough to make me sure that some heads have been already cut...
Why can't
My bank (a big chartered bank here in Canada) lost "a number of documents" in their branch renovation move - across the street! My documents were in the "number" that they had lost. I have a letter on bank letterhead to prove it, even if it took me over a month to get it. The bank seemed unconcerned.
Sure, the senators are outraged that this happened. But they should be even more outraged that BoA chose to use a method so cheap to transfer critical data.
Quite a lot of 'critical data' and other items is moved on commercial airlines every day. Backup data such as this, organ transplants, diplomatic pouches, etc.
The airline is merely a subcontractor of BoA, charged with moving the stuff from A to B. An organization cannot handle everything in-house. Quite a lot of functions are subcontracted out. The only more secure way would be for BoA to own and operate their own fleet of transport aircraft, with their own baggage handlers, and the data moved from the data center to the airport by their own security personnel, in their own armored trucks.
Same for a hospital. If they have to send your records somewhere, should they have to do it on their own aircraft?
This is /. Anytime anything bad happens, MS has to be implicated somehow. I believe there is a function for that in SlashCode.
They will be getting fined $500 for exposing individuals' personal information and they will also be getting fined $50,000 by the FCC because someone at the company said "Oh Shit!"
News Reporters Make Tasty Polar Bear Treats!
Sen Leahy wrote http://leahy.senate.gov/press/200502/022205.html to the Senate Judiciary Chairman Arlen Specter in the wake of ChoicePoint. From what I've read there will be hearings, but not sure when. I hope it leads to the start of strict laws on consumer data protection. I have doubts.
no one EVER recovers anything from tapes anyways.
Why read the article when I can just make up a snap judgement?
Interesting in the context of this news story...
A friend of mine was marvelling how Bank of America, which is normally very fast to process debits and checks written against a balance, seemed to lag a bit between late the week before last and mid this week. As in, none of his transactions against his balance posted for nearly a week, then in the middle of this week, they all posted at once. He speculated that they must have had computer problems for a few days.
I wonder if the behavior he was telling me about was a result of everything stopping while the bank investigated this records situation. I don't have B of A, so I can't tell if it was just something unique to his account, or if it affected all customers.
I, too, haven't heard much good about Bank of America, so I've avoided them. Unfortunately, my experience is, most of the banks that are large enough to offer "conveniences" like ATM machines in multiple places in town will screw you over.
I view my banks as necessary evils, and little more. I have my primary checking account with U.S. Bank right now, and for a while, thought they were going to be "above average". They offer free, unlimited online billpay, for example - while many others want to charge monthly fees for using it. Unfortunately, they're terrific about tossing around service charges and penalties like candy at every opportunity.
For example, a while back, they talked me into getting a VISA card with them, to go along with my checking account and debit card. (They said, if you want overdraft protection on your checking account, this is the only way you can do it. Get our VISA card, and then if your account is ever overdrawn, we'll just charge the difference to the VISA and save you all those bounced check charges, etc.) Sounded good - but it's been a nightmare. When I got divorced, I asked to have my card numbers changed for security reasons. They did, but that broke the relationship between the VISA card and my new bank acct. # - and it took me almost a week to get it resolved. (It was still providing the overdraft protection on the old account number!)
After that, I started having problems where every time my checking account came within $75 or so of being overdrawn, they'd automatically transfer hundreds of dollars over from the VISA, plus service charges, even though I never actually overdrew it at all.
Last week, I rushed to deposit my paycheck before several online billpay payments were due to process. Even though the check cleared on the same day the outgoing payments were scheduled for - they overdrew my account first, and THEN credited the deposit to it. Again, a tactic to maximize their service fees.
Clearly, the US Government should then have access to all our personal information, and closely monitor each and every one of our personal financial transactions. Only with this amount of surveillance and control can the government be expected to fully do its job in protecting its citizens from financial terrorism.
As an added bonus, citizens who purchase certain combinations of items will be awarded an all expenses paid trip to the beautiful country of Cuba.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
When I was arrested for bank robbery, part of the process involved a pre-sentencing interview by the Parole Department. I told them I worked at BOFA for two and a quarter years from January 1985 to April of 1987.
When they contacted BOFA to verify this, BOFA could not find any record I'd worked there, either under my name or SSN.
At the sentencing hearing, my PD told the judge he was prepared to produce names of supervisors, etc., to verify I had worked there. The judge decided that was unnecessary, commenting "It really makes you wonder how well they're keeping your money."
If they can't find employees, I'm sure they have no trouble losing customers.
BOFA is your typical big corporation - worse, a big bank. This means virtually everyone in the organization is incompetent and couldn't care less about their job.
As an example, I worked on customer support of the Microstar cash management system sold by BOFA's Automated Treasury Services Division to Fortune 1000 corporation treasury departments. This software package included a subsystem from a third party company which was riddled with bugs. When we in support were advised that the rest of that company's package was to be purchased and resold to replace the in-house developed part of the system, we advised against it. Ignoring us, management went ahead which resulted in 400 bugs in the bug database after rollout.
In the meantime, management concluded that the market for this package was "saturated" (no such thing in software - you upgrade and resell - where would Microsoft be if they thought the market was "saturated" after Windows 3.1?), so they either re-assigned or laid everybody off. The managers were promoted, and everybody else got dumped (or fired, in my case.)
So, yes, no surprise these morons lose customers.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!