BofA Breach: 'A Big, Scary Story'

[security curmudgeon <jericho () attrition org>]

http://www.bankinfosecurity.com/articles.php?art_id=3673

BofA Breach: 'A Big, Scary Story'
$10 Million Loss Highlights Risks, Sophistication of Internal Breaches
May 25, 2011 - Tracy Kitten, Managing Editor

An internal breach at U.S. financial giant Bank of America shows how some 
corporations do not focus enough attention on mitigating internal fraud 
risks.

According to news reports, a BofA employee with access to accountholder 
information allegedly leaked personally identifiable information such as 
names, addresses, Social Security numbers, phone numbers, bank account 
numbers, driver's license numbers, birth dates, e-mail addresses, family 
names, PINs and account balances to a ring of criminals. With that 
information, the fraudsters reportedly hijacked e-mail addresses, cell 
phone numbers and possibly more, keeping consumers in the dark about new 
accounts and checks that had been ordered in their names.

Some 300 BofA customers in California and other Western states have 
reportedly had their accounts hit, and 95 suspects linked to the breach 
were arrested by the Secret Service in Feb.

BofA says it detected the fraud a year ago, but only recently began 
notifying affected customers of the breach.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/