Over Half a Million Bank Accounts Breached
Gone Phishing writes "CNN is reporting that about 676,000 bank accounts in at least four banks (Bank of America, Wachovia, Commerce Bancorp, and PNC Financial Services) have had personal information "illegally sold". Over 60,000 customers have been notified so far."
Isn't there a US equivalent of the Data Protection Act?
http://www.opsi.gov.uk/acts/acts1998/19980029.htm
A few holes, especially principle eight, but overall it does what it's supposed to.
Bank of America (up $0.10 to $46.67, Research), the nation's No. 2 bank, has notified 60,000 customers of the problem. Wachovia (Research) has notified 48,000 customers.
Some people believe 1-1=3 and for the sake of being politically correct, we should respect their differences
(Those from the UK may recall the curious scandal of "Phantom Withdrawals" from ATM machines, where mysterious, large withdrawals were taking place, even though nobody was apparently present to make those withdrawals. It was unimaginably difficult to prove the victim was a victim, and even then it was next to impossible to get the bank to repay the money.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
/me scans article ... wachovia, pennsylvania ... shit.
Wachovia says that they sent out letters to everyone they know to be affected. My mail service is spotty at times, so I gave them a call. 1-800-WACHOVIA (1-800-922-4684). Just keep pressing 0 till you get an operator. Their customer service workers were able to tell me over the phone if my account was compromised. It's not. w00t! Took them about five minutes, but I think everyone should double check.
Then, you have those logs checked by another person, not at that location. Was there a legitimate reason for the access (withdrawal/deposit)? Was that access initiated by the customer?
The people monitoring the logs will not have access to the personal information of the accounts.
Now, if the logs are checked on a random basis (Joe is NOT the only person who checks all of Seattle's logs) then that activity is much easier to spot. The key is to build a system where individuals are NOT allowed unchecked access to personal information.
The reason we don't have systems like that is because there isn't any financial incentive to implement them.
The US does NOT have the same privacy laws that other countries have so this kind of activity is MUCH easier to get away with.
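The review process described in the comment above, sketched as an added example (not part of the original comment or any bank's system): accesses with no customer-initiated transaction nearby are queued for a randomly chosen reviewer at a different location, who sees only a keyed pseudonym of the account. The log layout, names, key, and 15-minute window are assumptions, and all sample data is constructed.

```python
import hashlib
import hmac
import random
from datetime import datetime, timedelta

# Constructed sample data; field layout and names are assumptions for illustration.
PSEUDONYM_KEY = b"constructed-demo-key"  # held by the logging system, never by reviewers
WINDOW = timedelta(minutes=15)           # assumed tolerance between access and transaction

ACCESS_LOG = [  # (employee, location, account, time of record access)
    ("emp17", "seattle", "ACCT-1001", "2005-05-23T10:02"),
    ("emp17", "seattle", "ACCT-2002", "2005-05-23T10:40"),
    ("emp22", "portland", "ACCT-3003", "2005-05-23T11:15"),
]
TRANSACTIONS = [  # customer-initiated activity: (account, kind, time)
    ("ACCT-1001", "deposit", "2005-05-23T10:05"),
    ("ACCT-3003", "withdrawal", "2005-05-23T13:00"),
]
REVIEWERS = {"rev_a": "seattle", "rev_b": "portland", "rev_c": "denver"}


def pseudonym(account):
    """Keyed hash: reviewers can correlate entries without learning the account."""
    return hmac.new(PSEUDONYM_KEY, account.encode(), hashlib.sha256).hexdigest()[:12]


def justified(account, when):
    """True if a customer-initiated transaction lies within WINDOW of the access."""
    return any(
        acct == account and abs(datetime.fromisoformat(t) - when) <= WINDOW
        for acct, _kind, t in TRANSACTIONS
    )


def build_review_queue(rng):
    """Return unjustified accesses, each assigned to a random off-site reviewer."""
    queue = []
    for employee, location, account, t in ACCESS_LOG:
        if justified(account, datetime.fromisoformat(t)):
            continue
        # Only reviewers at a different location are eligible, chosen at random.
        eligible = sorted(r for r, loc in REVIEWERS.items() if loc != location)
        queue.append({"employee": employee, "location": location,
                      "account_ref": pseudonym(account), "time": t,
                      "reviewer": rng.choice(eligible)})
    return queue


if __name__ == "__main__":
    for item in build_review_queue(random.Random()):
        print(item)
```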
Wells Fargo has *THE* worst security of all the large financial institutions.
Last year, I received a notice that my personal info was on a system of theirs that was compromised. I called the customer support number given and inquired about what happened. Turns out, a laptop at a billing facility (yeah, I know...a laptop) was stolen along with a few others in a physical security breach.
On that laptop was the personal info (SS numbers, addys, everything) of 300,000 account holders. Yes, that's right...300,000! Worse part is that this same scenario has occurred 3 times in the last 2 years!
Wells Fargo's CSO and CISO should be flipping friggin' burgers instead of providing security as they are setting the standard for how bad you really can be.
Hey Wells Fargo asshats, ever heard of getting some kind of policy and compliance audits going?