Over Half a Million Bank Accounts Breached
Gone Phishing writes "CNN is reporting that about 676,000 bank accounts in at least four banks (Bank of America, Wachovia, Commerce Bancorp, and PNC Financial Services) have had personal information "illegally sold". Over 60,000 customers have been notified so far."
Isn't there a US equivalent of the Data Protection Act?
http://www.opsi.gov.uk/acts/acts1998/19980029.htm
A few holes, especially principle eight, but overall it does what it's supposed to.
I read about this a month ago, in a letter from Bank of America.
No, really...
Bank of America (up $0.10 to $46.67, Research), the nation's No. 2 bank, has notified 60,000 customers of the problem. Wachovia (Research) has notified 48,000 customers.
Some people believe 1-1=3 and for the sake of being politically correct, we should respect their differences
(Those from the UK may recall the curious scandal of "Phantom Withdrawals" from ATM machines, where mysterious, large withdrawals were taking place, even though nobody was apparently present to make those withdrawals. It was unimaginably difficult to prove the victim was a victim, and even then it was next to impossible to get the bank to repay the money.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
/me scans article ... wachovia, pennsylvania ... shit.
Wachovia says that they sent out letters to everyone they know to be affected. My mail service is spotty at times, so I gave them a call. 1-800-WACHOVIA (1-800-922-4684). Just keep pressing 0 till you get an operator. Their customer service workers were able to tell me over the phone if my account was compromised. It's not. w00t! Took them about five minutes, but I think everyone should double check.
It has two purposes - the first purpose is to have financial institutions adopt measures to protect consumer data. The second purpose is to add a great deal of paperwork and extra compliance steps that bank staff must accomplish without adding any extra safety to the information.
I believe that in health care, HIPPA or HIPAA (whichever one it was!) accomplished much the same thing.
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
In Massachusetts, there are essentially two ATM networks, and you pay a fee if you use the wrong one.
There's the Bank Boston/Fleet/Bank of America network, and there's the SUM network that almost everyone else has joined.
In my case, my credit union doesn't charge fees for much of anything, and I can avoid ATM fees by avoiding the Bank of America ATMs.
Companies are required to put "technical and organisational measures" in place to protect data.
If you can read legalese. The principles:
http://www.opsi.gov.uk/acts/acts1998/80029--l.htm
Course, I'm not entirely sure how big the teeth are.
Lol, I can corroborate that BofA is feeding you a load of crap. These types don't admit anything they don't ABSOLUTELY have to.
Free Mac Mini Yeah, it's
Feds said that was part of Phase 2.
"Lomia said the law firms that allegedly sought Lembo's services are part of "phase two" of the investigation."
Some states allow citizens to block use of their credit report. Thus, even if someone steals your SSN, your birth certificate, and your drivers license, they're unable to obtain any new credit in your name, because no one is going to give credit without first getting a credit report.
Sure, it doesn't solve all problems with ID theft, but it certainly helps.
If someone says he and his monkey have nothing to hide, they almost certainly do.
Then, you have those logs checked by another person, not at that location. Was there a legitimate reason for the access (withdrawal/deposit)? Was that access initiated by the customer?
The people monitoring the logs will not have access to the personal information of the accounts.
Now, if the logs are checked on a random basis (Joe is NOT the only person who checks all of Seattle's logs) then that activity is much easier to spot. The key is to build a system where individuals are NOT allowed unchecked access to personal information.
The reason we don't have systems like that is because there isn't any financial incentive to implement them.
The US does NOT have the same privacy laws that other countries have so this kind of activity is MUCH easier to get away with.
One of the biggest reasons is that these large national banks have become large national banks by buying up the smaller ones. An account that I opened about 20 years ago has gone through 4 banks. I have never had to change account numbers or anything and I think many people just don't like change, so they stick with what they have.
Since both a former employer of mine (SAIC), and a store that I made purchases at (DSW) have had recent losses of data, I am maintaining a fraud alert on my records at the credit bureaus. You can do this for free simply by calling any of the "big three" (Equifax, Experian or Trans Union) and requesting it. You only need to contact one of them, as the alert information will be forwarded to the other two. (It only lasts for 90 days, so you'll have to renew if you want it to continue.)
I don't know about the rest of the country, but up in Boston I imagine it often happened something like this:
1. Sign up for an account at Arlington Trust Co., a local bank (1987);
2. Arlington Trust Co. merges with Shawmut (1988);
3. Shawmut merges with Fleet (1995);
4. Fleet merges with BankBoston (itself the result of serial mergers) to become FleetBoston (1999);
5. FleetBoston merges with Bank of America (2004).
In other words, these are the world's largest banks because of a series of mergers and absorptions of the world's smaller banks. And once people have their money in a particular bank, it's not always convenient to move it somewhere else. I personally have my money in a small local bank, but if they merged with a larger bank it'd take a pretty serious degradation of quality to get me to switch.
On stereophonic equipment, the monaural sound obtained through multiple channels will enhance your listening pleasure.
A while back banks like Wachovia tried to tighten down on their customers charging fees for seeing tellers, fees for ATM transactions, fees for deposits, fees for various forms, fees for breathing, etc. That didn't last long, so customers must have voted with their wallets. I know I rejoiced at being able to join credit unions at the time, because at least they don't treat their customers like an illness.
(off topic: what do blind slashdotters think of these new "confirm you're not a script" thingies?)
Allegedly the affected customers have been notified by their banks. This leads to a question I have - with phishing being so common, when anyone receives an e-mail from their bank, do they believe it's really from their bank anymore? Especially when it says it's about an alleged compromise of their account?
One of the worst things about spammers is that they generate a "boy who cried wolf" problem for people sending legitimate e-mails.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
No, nor did they promise the bank president wouldn't take all of my money to buy coke, hookers, and a ticket to Fiji.
In the law there are such things as due diligence, and negligence. Some of these organizations need to get hit with a massive lawsuit in order for the message to be sent loud and clear.
Actual Bank Transcript... no joke.
Operator: Hi, your account has been on the fraud list and one of the transactions is under investigation.
Customer: What do you mean?
Operator: There has been a debit of $15000 in a transaction last night.
Customer: Have I been robbed?
Operator: Sort of. Because you did not purchase our Anti-Fraud plan, we will be working on recovering the stolen amount. But you will see a permanent debit of $60.
Customer: So I gain $15000 back, but lose $60?
Operator: yes
Customer: Great!
I don't know about you, but in Australia, it's called "100 points of ID"
From some random
You are in a twisty maze of processor lines, all alike.
There is a lot of hype here.
Wells Fargo has *THE* worst security of all the large financial institutions.
Last year, I received a notice that my personal info was on a system of theirs that was compromised. I called the customer support number given and inquired about what happened. Turns out, a laptop at a billing facility (yeah, I know...a laptop) was stolen along with a few others in a physical security breach.
On that laptop was the personal info (SS numbers, addys, everything) of 300,000 account holders. Yes, that's right...300,000! Worst part is that this same scenario has occurred 3 times in the last 2 years!
Wells Fargo's CSO and CISO should be flipping friggin' burgers instead of providing security as they are setting the standard for how bad you really can be.
Hey Wells Fargo asshats, ever heard of getting some kind of policy and compliance audits going?