[ISN] Bank loses credit-card info of 1.2M federal workers

From: InfoSec News (isn@private)
Date: Mon Feb 28 2005 - 02:37:26 PST


http://www.computerworld.com/securitytopics/security/story/0,10801,100061,00.html

By Joanne Morrison
FEBRUARY 26, 2005 
REUTERS

Computer tapes containing credit-card records of U.S. Senators and
more than a million U.S. government employees are missing, Bank of
America said yesterday, putting the customers at increased risk of
identity theft.

The security breach, which included data on a third of the Pentagon's
staff, angered lawmakers already concerned after criminals gained
access to thousands of consumer profiles in a database maintained by a
data profiling company, ChoicePoint Inc. (see story)

Bank of America Corp. did not release details of how the tapes were
lost, but Sen. Charles Schumer, a New York Democrat, said he had been
informed by the Senate Rules Committee that the data tapes were likely
stolen off a commercial plane by baggage handlers.

"Whether it is identity theft, terrorism or other theft, in this new
and complicated world baggage handlers should have background checks
and more care should be taken for who is hired for these increasingly
sensitive positions," Schumer said.

Social security numbers, addresses and account numbers were on the
tapes for 1.2 million account holders, of which about 900,000 belonged
to Defense Department employees, Defense Department spokesman Bryan
Whitman said.

The tapes contained information from the accounts of dozens of U.S.  
Senators and from employees of federal agencies, officials monitoring
the situation said.

Bank of America said the small number of computer data tapes were lost
in December while being shipped to a back-up data center.

It said there was no evidence of crime resulting from the loss but the
U.S. Secret Service was investigating the case.


No thefts

Although the tapes were lost months ago, bank officials were only
allowed to notify cardholders when they received permission from
federal law enforcement authorities, Bank of America spokeswoman
Eloise Hale said.

"The investigation to date has found no evidence to suggest the tapes
or their content have been accessed or misused, and the tapes are now
presumed lost," the bank said in a statement.

Sen. Patrick Leahy, a Vermont Democrat, said he hoped the fact that
Senate information was among the lost data would spur Congress to pay
attention to a "rapid erosion of privacy rights" due to faulty data
security.

Bank of America, based in Charlotte, N.C., said it would monitor
customer accounts detailed on the data tapes and cardholders would be
contacted if unusual activity is detected. It said government
cardholders would not be liable for unauthorized use of their cards.

Officials at the General Services Administration, which manages
federal employee travel credit-card accounts, could not be reached for
comment but U.S. banking regulators said they were tracking the case.

"The bank notified us and we've been monitoring the situation," said
Kevin Mukri, a spokesman for the Office of the Comptroller of the
Currency, which regulates Bank of America.

Bank of America routinely ships back-up data tapes for storage at
different locations in case any offices are damaged by fires or flood.

The Defense Department has posted information about the issue for its
employees on its Web site.


(Additional reporting by Aleksandrs Rozens and Michele Gershberg in
New York, and Andrea Shalal-Esa and Mark Felsenthal in Washington)



_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005



This archive was generated by hypermail 2.1.3 : Mon Feb 28 2005 - 05:18:10 PST