[ISN] BofA Breach: 'A Big, Scary Story'

From: InfoSec News <alerts_at_private>
Date: Thu, 26 May 2011 00:04:06 -0500 (CDT)

By Tracy Kitten
Managing Editor
Bank Info Security
May 25, 2011 

An internal breach at U.S. financial giant Bank of America shows how 
some corporations do not focus enough attention on mitigating internal 
fraud risks.

According to news reports, a BofA employee with access to accountholder 
information allegedly leaked personally identifiable information such as 
names, addresses, Social Security numbers, phone numbers, bank account 
numbers, driver's license numbers, birth dates, e-mail addresses, family 
names, PINs and account balances to a ring of criminals. With that 
information, the fraudsters reportedly hijacked e-mail addresses, cell 
phone numbers and possibly more, keeping consumers in the dark about new 
accounts and checks that had been ordered in their names.

Some 300 BofA customers in California and other Western states have 
reportedly had their accounts hit, and 95 suspects linked to the breach 
were arrested by the Secret Service in Feb.

BofA says it detected the fraud a year ago, but only recently began 
notifying affected customers of the breach.

"As we communicated to impacted customers, this situation involved a now 
former associate who provided customer information to people outside the 
bank, who then used the information to commit fraud against our 
customers," says BofA spokeswoman Colleen Haggerty. "Keeping customer 
information secure and confidential is one of our most important 
responsibilities, and Bank of America sincerely apologizes for this 
incident, and regrets any inconvenience it may cause our customers. We 
work hard to prevent fraud, and our customers who experience fraud on 
their accounts related to this incident will be reimbursed if they 
report it promptly to us."


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Wed May 25 2011 - 22:04:06 PDT

This archive was generated by hypermail 2.2.0 : Wed May 25 2011 - 22:10:56 PDT