Over Half a Million Bank Accounts Breached
Gone Phishing writes "CNN is reporting that about 676,000 bank accounts in at least four banks (Bank of America, Wachovia, Commerce Bancorp, and PNC Financial Services) have had personal information "illegally sold". Over 60,000 customers have been notified so far."
Isn't there a US equivalent of the Data Protection Act?
http://www.opsi.gov.uk/acts/acts1998/19980029.htm
A few holes, especially principle eight, but overall it does what it's supposed to.
Bank of America (up $0.10 to $46.67, Research), the nation's No. 2 bank, has notified 60,000 customers of the problem. Wachovia (Research) has notified 48,000 customers.
Some people believe 1-1=3 and for the sake of being politically correct, we should respect their differences
(Those from the UK may recall the curious scandal of "Phantom Withdrawals" from ATM machines, where mysterious, large withdrawals were taking place, even though nobody was apparently present to make those withdrawals. It was unimaginably difficult to prove the victim was a victim, and even then it was next to impossible to get the bank to repay the money.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
/me scans article ... wachovia, pennsylvania ... shit.
Wachovia says that they sent out letters to everyone they know to be affected. My mail service is spotty at times, so I gave them a call. 1-800-WACHOVIA (1-800-922-4684). Just keep pressing 0 till you get an operator. Their customer service workers were able to tell me over the phone if my account was compromised. It's not. w00t! Took them about five minutes, but I think everyone should double check.
It has two purposes - the first purpose is to have financial institutions adopt measures to protect consumer data. The second purpose is to add a great deal of paperwork and extra compliance steps that bank staff must accomplish without adding any extra safety to the information.
I believe that in health care, HIPPA or HIPAA (whichever one it was!) accomplished much the same thing.
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
Feds said that was part of Phase 2.
"Lomia said the law firms that allegedly sought Lembo's services are part of "phase two" of the investigation."
Some states allow citizens to block use of their credit report. Thus, even if someone steals your SSN, your birth certificate, and your drivers license, they're unable to obtain any new credit in your name, because no one is going to give credit without first getting a credit report.
Sure, it doesn't solve all problems with ID theft, but it certainly helps.
If someone says he and his monkey have nothing to hide, they almost certainly do.
Then, you have those logs checked by another person, not at that location. Was there a legitimate reason for the access (withdrawal/deposit)? Was that access initiated by the customer?
The people monitoring the logs will not have access to the personal information of the accounts.
Now, if the logs are checked on a random basis (Joe is NOT the only person who checks all of Seattle's logs) then that activity is much easier to spot. The key is to build a system where individuals are NOT allowed unchecked access to personal information.
The reason we don't have systems like that is because there isn't any financial incentive to implement them.
The US does NOT have the same privacy laws that other countries have so this kind of activity is MUCH easier to get away with.
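The review scheme described in the comment above, sketched as an added example that is not part of the original thread. The record layouts, names, the 15-minute matching window and the keyed account tokens are all assumptions made for illustration.

```python
import hashlib
import hmac
import random
from datetime import datetime, timedelta

# Constructed sample data: (employee, branch, account, time of record access).
ACCESSES = [
    ("alice", "Seattle", "ACCT-1001", datetime(2005, 5, 2, 10, 5)),
    ("bob", "Seattle", "ACCT-1002", datetime(2005, 5, 2, 11, 30)),
    ("bob", "Seattle", "ACCT-1003", datetime(2005, 5, 2, 23, 45)),
]
# Constructed: (account, time, initiated_by_customer) for withdrawals/deposits.
TRANSACTIONS = [
    ("ACCT-1001", datetime(2005, 5, 2, 10, 7), True),
    ("ACCT-1002", datetime(2005, 5, 2, 11, 31), False),
]
# Constructed reviewer pool: (reviewer, location).
REVIEWERS = [("joe", "Seattle"), ("maria", "Portland"), ("li", "Denver")]
TOKEN_KEY = b"example-key-held-by-log-pipeline"  # placeholder, not a real secret


def token(account):
    """Keyed pseudonym so reviewers can group events without seeing the account."""
    return hmac.new(TOKEN_KEY, account.encode(), hashlib.sha256).hexdigest()[:12]


def unexplained_accesses(accesses, transactions, window=timedelta(minutes=15)):
    """Accesses with no customer-initiated transaction on that account nearby in time."""
    flagged = []
    for employee, branch, account, when in accesses:
        justified = any(
            acct == account and by_customer and abs(t - when) <= window
            for acct, t, by_customer in transactions
        )
        if not justified:
            flagged.append((employee, branch, token(account), when))
    return flagged


def assign_reviewers(flagged, reviewers, rng=None):
    """Randomly give each flagged access to a reviewer from a different location."""
    rng = rng or random.SystemRandom()  # unpredictable assignment by default
    queue = []
    for employee, branch, acct_token, when in flagged:
        eligible = [name for name, loc in reviewers if loc != branch and name != employee]
        queue.append((rng.choice(eligible), employee, acct_token, when))
    return queue
```

Reviewers receive only the token and the access metadata, so they can spot one employee repeatedly opening the same account without learning whose account it is.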
One of the biggest reasons is that these large national banks have become large national banks by buying up the smaller ones. An account that I opened about 20 years ago has gone through 4 banks. I have never had to change account numbers or anything and I think many people just don't like change, so they stick with what they have.
Wells Fargo has *THE* worst security of all the large financial institutions.
Last year, I received a notice that my personal info was on a system of theirs that was compromised. I called the customer support number given and inquired about what happened. Turns out, a laptop at a billing facility (yeah, I know...a laptop) was stolen along with a few others in a physical security breach.
On that laptop was the personal info (SS numbers, addys, everything) of 300,000 account holders. Yes, that's right...300,000! Worse part is that this same scenario has occurred 3 times in the last 2 years!
Wells Fargo's CSO and CISO should be flipping friggin' burgers instead of providing security as they are setting the standard for how bad you really can be.
Hey Wells Fargo asshats, ever heard of getting some kind of policy and compliance audits going?