[ISN] Wells Fargo computer missing

From: InfoSec News (isn@private)
Date: Tue May 09 2006 - 00:19:16 PDT


Pioneer Press
May. 06, 2006

Wells Fargo & Co., the largest bank in Minnesota and the nation's
fifth largest, said Friday that a computer containing sensitive data
for some of its mortgage customers is missing and might have been

It's not known whether the computer contained Minnesota customers'

The computer, which was being transported by an unidentified global
shipping company between Wells Fargo locations, had names, addresses,
Social Security numbers and mortgage loan account numbers of some
Wells Fargo mortgage customers and potential customers.

It did not contain other types of customer account numbers.

Wells Fargo spokeswoman Peggy Gunn wouldn't estimate the number of
individuals who could be affected, citing an ongoing law enforcement
investigation. She added, "The event affects a relatively small
percentage of Wells Fargo's customers."

San Francisco-based Wells Fargo said it had no indication that the
customer information has been accessed or misused. Gunn said the
computer has two layers of security, but she declined to elaborate.  
She also declined to describe the type of computer or how and when it

Wells Fargo will notify by mail individuals whose information was
stored on the computer by May 30. The bank is offering those affected
a free one-year credit monitoring service.

Wells Fargo has reported two other computer security breaches, in 2003
and 2004. The bank has had no indication that the information was
accessed or misused in either case, Gunn said.

Also Friday, Union Pacific Corp., the nation's largest railroad, said
it's investigating the theft of a computer containing the names and
Social Security numbers of 30,000 current and retired employees. The
computer was stolen April 29 from a human resources employee.

Nationally, more than 160 security breaches have occurred in the past
15 months, affecting more than 55 million accounts, according to
Privacy Rights Clearinghouse, a nonprofit privacy advocacy group based
in San Diego. Those breaches included more than 40 cases of stolen or
missing computers or laptops.

"The general population is waking up to the fact that personal data is
not well secured," said Beth Givens, director of the Privacy Rights
Clearinghouse. New federal and state laws require companies to notify
customers when personal information is lost or stolen, which makes
them vulnerable to identity theft.

Online: Privacy Rights Clearinghouse, www.privacyrights.org

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Tue May 09 2006 - 00:57:38 PDT