Slashdot Mirror

← Back to Stories (view on slashdot.org)

Over Half a Million Bank Accounts Breached

Posted by CmdrTaco on from the thats-a-whole-lotta-breach dept.

Gone Phishing writes "CNN is reporting that about 676,000 bank accounts in at least four banks (Bank of America, Wachovia, Commerce Bancorp, and PNC Financial Services) have had personal information "illegally sold". Over 60,000 customers have been notified so far."

11 of 450 comments (clear)

  1. The bigger they are... by __aaclcg7560 · · Score: 5, Interesting

    This is why I switched to a local credit union a few years ago. Seems like the bigger the bank, the bigger the security breach. Worse... they nickel-and-dime you on everything else.

  2. Conflict of interest by __aaitqo8496 · · Score: 5, Interesting

    Customer account numbers and balances were allegedly sold to a man who then sold the information to collection agencies, the Hackensack police department said in a statement. Reuters reports that the information has not been found to have been used in any identity theft schemes.

    /snip/

    The case has led to criminal charges against nine people, including seven bank employees and alleged ring leader Orazio Lembo, who operated DRL Associates, a company that advertised as a skip-and-trace collection agency.

    Hmmm... working for a bank and a "collection agency". Sounds like a conflict of interest banks might want to look out for and possibly stipulate that working for a collection agency is not permitted while working for a financial institution.

  3. Re:US data protection act? by jd · · Score: 4, Interesting
    Not exactly. In fact, so not exactly that Europe has repeatedly warned the US that it is technically illegal for European companies to trade personal data with the US, due to a total lack of any privacy law.


    The closest the US has is the DCMA, which prohibits the reverse-engineering of encrypted data for the purpose of copying it, which essentially makes it a crime to steal encrypted personal data, but I've yet to hear of anyone actually prosecuted this way and it is extremely unlikely to ever happen.


    Largely because commercial companies often don't encrypt personal data for customers.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  4. Screw identity theft... by Racter · · Score: 4, Interesting

    ...do the police intend to track down the information to and "reclaim" it from the collection agencies, advertisers, etc.?

  5. Stop using big banks by Figz · · Score: 4, Interesting

    My bank offers:

    1. Higher interest rates
    2. Interest-bearing checking accounts
    3. No fees ever
    4. Free online billpay
    5. ATM fee refunds (since they don't have their own ATMs)
    6. Postage paid envelopes for deposits
    7. 24/7 Customer Service with almost 0 hold time
    8. No BS

    I switched to an internet bank a long time ago and I'll never look back. But I'm not going to tell you what the bank is because I don't want it to turn into a "big bank". Go find your own.

    --
    [figz@figz figz]$ kill -9 `ps -ef | awk '$1=="figz" { print $2 }'`
  6. 10 is a good start by Nom+du+Keyboard · · Score: 4, Interesting
    Account information on the customers was illegally sold by bank employees to a man identified as Orazio Lembo

    Everyone involved in this should be in jail Now! Ten years apiece is a good start.

    And I don't mean Club Fed either.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  7. Re:Makes you wonder by Zed2K · · Score: 4, Interesting

    Probably because the larger banks have more of a presence in the towns people live in. I hate getting charged a fee to get to money that is mine from ATM's. Here there are Bank of America machines everywhere. No atm fees, no having to request atm fees reversed.

    I've NEVER paid a fee with my BoA account. I don't know how so many people have problems. Free bill pay, free online banking, free bank transfers, overdraft protection, free checking. Hell I even get free checks, not that I write checks anymore though. Only thing I don't like is the horrible interest rate, but thats why I've got a ING account in addition to my BoA accounts.

    I've noticed with the small banks (and yes I've looked into them) the online banking sucks, bill pay is a pain in the ass to use and the tellers aren't too bright.

  8. Re:It's not perfect, it can be made more difficult by Anonymous Coward · · Score: 5, Interesting

    Nope. It shouldn't be that hard to have every employee's access to every account logged.

    I worked at a large financial institution (life insurance, in a branch of a bank. Hell what I'm saying is 100% accurate so let me say that I'm talking about RBC Insurance - Life, whose offices are in Mississauga, Ontario) a while back, and had full access to hundreds of thousands of customer's data, including specially separated "high net worth" clients. I looked around and realized that on any of the developer PCs (where the user was admin. Actually these morons set DOMAIN\Users as admins, which meant that there was no PC to PC security and any hack could occur by co-opting a coworker) a USB key or PDA could siphon off everything.

    Realizes how insanely loose the controls were, I proposed initiative after initiative to tighten up the system, and to add some sort of read logging, but I learned firsthand that financial institutions, presuming this one was par for the course, are 95% politics, and 5% actual concern about customers. The only way any sort of checks and balances were going to be implemented is if it properly gave a handjob to every useless mid-level manager planning their next Machiavellian maneuver (and successfully ensured that I didn't look good out of it, as a shop like RBC is configured in such a way that only the mediocre persist. If you look good, the next time a management churn occurs some clueless twit will purge the clueful). It really was eye opening, and the status quo was maintained and everyone acted like nothing was wrong.

    Of course you really have to work in a place like that to fully appreciate how terribly incompetent such organizations are, and to maek it more fun they churn their management around with no logic or thought. Remarkable stuff.

  9. Re:It's not perfect, it can be made more difficult by soft_guy · · Score: 4, Interesting

    The reason we don't have systems like that is because there isn't any financial incentive to implement them.

    The reason we don't have this is because, in the USA, the crooks are writing our laws.

    --
    Avoid Missing Ball for High Score
  10. value, protection and economics by slew · · Score: 5, Interesting

    The way I see it, many of the companies that collect personal information, (banks, radioshack, etc) see little or no value in the information they are protecting, it's only their value of reselling it (e.g., like a pawn shop). As a old tired example, why does radioshack need a phone number when you buy a battery?

    IMHO, the goal should be to make economics work for us. The cost of them collecting and securing it should balance the value the get from selling it. Then if the expected return on investment is zero, why would they even bother to collect it? It's just because right now it costs them little to collect it and they can resell it for more is why they do it right now.

    One way to get this to assign big penalties to losing control of the info so that the expected cost is high. Another way is to just bill them up front (e.g., tax companies for collecting the information). I'm guessing that in the end, some combination of things would be optimal.

    Another thing to look at is to licence people (not companies) to handle information. For example, it takes a registered notary public (not a flunky that the bank assigns) to witness signatures on major business transactions. Why can a company assign some skript kitty to process social security numbers? Why should a bank VP have any access at all? Getting notary public certification is trivial for anyone with a 1/2 a brain, but they make it very clear that your butt is on the line, not the company's butt, so most of them take it pretty seriously. Something about a few hours studying for a test and a name on a license and some personal responsibility makes most folks take their jobs less like a joke (although you occasionally get the rougue CPA or notary, it isn't very common)... Maybe it's time for a certified public information collection certificate or something like that...

    Anyhow, that's just food for thought...

  11. Re:Stolen Account Information and Dupes by Vitriol+Angst · · Score: 5, Interesting

    I can't understand the "Group Think" that is going on. The same people who want to unleash the FBI on kiddies who download mp3's seem to never hold businesses accountable for anything.

    We are so ripe for authoritarian rule. We want to leave control of our lives to others, and all we expect of security is to punish someone who doesn't cross every t and dot every i when they report on the failures.

    The fact that Wachovia has my money and social security number and can demand many things of me without proof (such as fees and late charges), means that conversely, they should be responsible and compensate me for any damages resulting from their failure to live up to this trust. I think I need to pull my money out this week.

    I thoroughly expect the news service to retract and fire anyone who reported this, but might have gotten the date wrong.

    --
    >>"ad space available -- low rates!!!"