Bank Of America Loses 1.2 Million Customer Records

Christopher Reimer writes "C|Net is reporting that Bank of America lost 1.2 million customer records when some backup tapes went missing while being shipped to a backup center. The lost records mainly effect U.S. government employees involved in the SmartPay program. From the article: 'The acknowledgment comes as several other cases of businesses losing consumer information have come to light.'"

heh

[aendeuryu]

SmartPay program

Doesn't sound so smart right now...

Well..

[kunwon1]

As a US Government employee (US Air Force to be precise) I can tell you that Bank of America is regarded by most of us (us = gov't employees) as a faceless entity that cares nothing for customer service. I doubt this will come as much of a surprise to those of us who have been required by our occupation to associate with them for some time. Maybe now the powers that be will get their collective head out and pick a new bank.

Well...

[JavaMoose]

This is really getting out of hand. For every case like this we hear about, I wonder if there are a few that get swept under the rug?

Now, I generally frown on lawsuits, but this is one type of case where it works. The people on these lists need to start filing class action lawsuits against these companies. Large corporations only feel something when they lose money, maybe it would send the message that you will be held accountable if you do not take security seriously.

As we all know, nothing is as valuable as our information.

Re:Well...

[reallocate]

This is really getting out of hand. For every case like this we hear about, I wonder if there are a few that get swept under the rug?

You're hearing about this because of the flap about CheckPoint, and you heard about CheckPoint because of the current flap about identity theft.

If not for those circumstances, these stories would very likely have been reported in the business press, but otherwise below the general public's radar.

So, you have no reason to assume that the first appearance of an event on TV or in Slashdot means it never happened before.

BofA ought, of course, be held responsible for their behavior. I don't know if these cardholders can sue, since the card's were issued to them in conjunction with their federal employment. And, unless they are able to document loss as a result of the loss, I'm not sure what grounds they'd have for a suit.

That said, BofA just dug itself a big hole for the next contract recompete. Their accountablity may come in the form of losing that recompete. (Don't imagine, though, that a contract of that size will be given to some local mom-and-pop bank.)

I wonder how long ago they found out about this?

[bigtallmofo]

You may recall the recent Choicepoint security breach. Apparently there's profit to be made in between finding out about a security breach and actually announcing it!

ChoicePoint execs sold shares before theft news

ChoicePoint Inc.'s top two executives made a combined $16.6 million in profit from selling company shares in the months after the data warehouser learned that people's personal information may have been compromised and before the breach was made public, regulatory filings show. ChoicePoint's stock has dropped about 10 percent since last week when the company announced that criminals had duped it into allowing them access to its massive database. Alpharetta, Ga.-based ChoicePoint says the stock trading was pre-arranged under a plan approved by the company's board. Corporate governance experts say the pattern and timing of the trading by chief executive Derek Smith and president Douglas Curling raises questions. Smith and Curling did not respond to repeated requests through a spokesman for comment Friday.

Full Story: Twincities.com (Subscription Requred - use bugmenot.com)

This has been coming for a _long_ time...

[ites]

When businesses started collecting huge amounts of detailed via through the web in the mid 1990's, it was clear where we were heading:

1. unlimited storage capacity meant complex and detailed records could be kept on every person.

2. guaranteed incompetence meant these records would be abused, lost, exposed and manipulated.

I don't see either of these trends changing.

Applies to both commercial and governmental databases. Chaos, mess, confusion, abuse, on a huge and ever-increasing scale.

Welcome to the 21st century. You can opt out by unchecking the "Connect to the Internet" box about 10 years ago...

One more thing...

[kunwon1]

GSA Smartpay is a program through which gov't employees are issued what is essentially a company credit card, but the US Gov't is the company. They're used for official purchases, for gas cards for government owned vehicles, etcetera.

The following website explains it in governmentese:
http://www.gsa.gov/Portal/gsa/ep/channelView.do?pa geTypeId=8199&channelPage=%2Fep%2Fchannel%2FgsaOve rview.jsp&channelId=-13497

Big Brother's Little Helper?

[handy_vandal]

ChoicePoint Inc.'s top two executives made a combined $16.6 million in profit from selling company shares in the months after the data warehouser learned that people's personal information may have been compromised and before the breach was made public, regulatory filings show. ... ChoicePoint says the stock trading was pre-arranged under a plan approved by the company's board.

One might easily assume that the executives are profiteering swine, and that the company's board members are colluding at the trough.

Furthermore, ChoicePoint has a ... questionable history:

Consider what happened in Florida leading up to the 2000 presidential election. In 1998, the state hired a company called Database Technologies to scrub its voter rolls of ineligible voters. The scrub list was mandated by Florida legislators after a voting fraud investigation revealed dead people had cast ballots in the 1997 Miami mayoral election.

DBT combed through Florida's rolls and handed over the "ineligible" list to elections officials in May 2000 -- within days of the company's merger with ChoicePoint.

The problem was that DBT'S list purged the voter rolls not just of felons, who are disqualified from voting in Florida, but of eligible voters whose names resembled those of the felons.

While Florida and DBT failed to check a number of criteria that could have distinguished the actual felons from the non-felons, one criterion that DBT did bother cross-referencing was race. BBC reporter Greg Palast and a handful of US journalists reported that the majority of the felons on the list were black, so thousands of legitimate black voters with the same names as black felons were struck from the rolls. Because Florida blacks vote heavily Democratic, a disproportionate number of votes for Al Gore were thrown out.

According to analyses by news organizations, somewhere between 8,000 and 22,000 qualified votes went uncounted. Whatever the number, it towers over 537 -- the margin by which George W. Bush won Florida, and therefore the national election.

The most jarring part, according to Palast, who broke the story, was that DBT knew the list was flawed -- because a Florida official told DBT, in a 1999 e-mail, "Obviously, we want to capture more names that possibly aren't matches and let the county supervisors make a final determination." Palast says the fact that the company would even hand over known mistakes shows that it doesn't always do its best -- contrary to its corporate mantra -- to protect the government against itself.

Source

With companies like that, who needs Big Brother? -kgj

They Are Getting Fined!

[Evil+W1zard]

They will be getting fined $500 for exposing individuals personal information and they will also be getting fined $50,000 by the FCC because someone at the company said "Oh Shit!"