The Register® — Biting the hand that feeds IT

Feds accuse bank insider of massive data heist

Anonymous Coward

Lovely 

Flame

I'm a Countrywide Home Financial customer... Is it not enough that I have to deal with their retarded website?

Fortunately I have no money, and with my credit rating, the only way it can go is up. The bloke that bought my customer profile got ripped off.

Anonymous Coward

So is Countrywide going to inform the folks whose info was stolen & sold? 

Pirate

Those of us with loans from Countrywide would like to know.

Anonymous Coward

Why? 

Unhappy

>> ...downloaded 20,000 customer profiles including names and

>> social security numbers just about every week for about two years

Why was this financial analyst allowed access to that data in the first place? Is that normal? Does the janitor have similar access???

Anonymous Coward

Why 

Stop

Why on earth would Bank of America take on a sub-prime lender in the current market? Apart from paying peanuts.

Posted anon as I work at a Bank of America subsidiary which has very strict security in place. That is all but 4 internet computers usable by any staff on our break-out floor - which also have access to customer data!

Mines the one with MUG written on the back.

Gary Samuelson

Nobody understands security like thieves

Wow... wonder if anybody thought about monitoring suspicious insider activity. There's really not much that hasn't already been said on poor data protection. The inside-guy got away with it yet again.

Mark

@Why 

Perhaps BoA bought them because they had a high exposure to them, a bit like the Fed's bailout of Bear Stearns actually being a bailout of JP Morgan who were highly exposed to Bear.

Anonymous Coward

Word back from CW.... 

Unhappy

I emailed their fraud unit to see what they are doing about this and got this autorespond...

Thank you for contacting the Fraud Hotline. Countrywide values its customer relations and is committed to safeguarding their financial information. Because this responsibility is a top priority for Countrywide, we notify customers if there is a reason to believe that their sensitive information has been disclosed to an unauthorized person. Upon notification, the customers are provided with a toll-free number that directs them to call Countrywide’s Special Services Hotline answered by customer service representatives who have been specially trained to assist customers in such situations.

If you are a Countrywide Mortgage Customer, please contact our Countrywide’s Special Services Hotline at 1-866-451-5895. This toll-free number can also be found in the notification letter that you may have received.

If you are a Countrywide Bank Customer, please contact our Countrywide Bank’s Special Services Hotline at 1-877-200-0117. This toll-free number can also be found in the notification letter that you may have received.

If you are a reporter and this is a media inquiry, please contact Countrywide's Public Relations Media Hotline at 1-800-796-8448.

Thank You,

Fraud Hotline

Countrywide Home Loans

30930 Russell Ranch Rd

Mailstop: WLRR-469

Westlake Village, CA 91362

Anonymous Coward

This is why BoA can buy them... 

I love the USA

http://www.bloomberg.com/apps/news?pid=20601087&sid=arYakEWFRtTE&refer=home

Anonymous Coward

So that's 20 million odd 

about 7% of the US population, or about 1 in 14, that's a fair old number.

I think he might be for the high jump on this one.

I suspect he has emptied the database, unless they are really large.

Still, there you go centralized databases, no access monitoring, a recipe for disaster.

Darling Petunia

Live Long and Prosper 

He looks honest? Right.

http://www.portfolio.com/news-markets/national-news/portfolio/2008/07/16/Countrywide-Deals-Exposed

James Anderson

700 bucks 

Unhappy

Seems a bit steep for a list of people who can't afford to pay their mortgages.

Could you recoup the $700 by knocking people off your mailing list and saving postage?

Pete

Wirecutters are the best security 

The most widespread security problem (just waiting to happen) is commercial PCs with too many ports. Most companies buy off the shelf desktop machines and just possibly have their disti pre-load the operating system with a custom screensaver and call that "added value".

I don't know whether it's because they don't understand security, or simply that they don't care - but anyone with any experience in IT knows about "sneaker nets". While they don't use floppy disks anymore, the modern equivalent lets much more data be surreptitiously moved around (or out, as in this case).

Even if companies can't buy PCs without USB connections, or in some cases without built-in wifi, the modifications are quite simple. Merely disabling the ports in software is not enough, as a determined baddie will have the ability to reset them. Given the parlous standards of change-control, you may even find that the machines were "repaired" by inadvertent software updates while in use. While we're at it, best to replace the chassis screws with vandal-proof ones, to stop casual case-openers, too.

If you're worried about voiding warranties, just find another support organisation. It's not as if they're scarce and one that's any good will recognise the reasoning and have the flexibility to work with your disabled machines.

H5N1

Hypocrisy at its best....

Pirate

Now where have we all heard this story before?

That's right, it was the IRS and the US Gov purchasing STOLEN information from an ex Luxembourg employee.

How can they charge this guy when they have done exactly the same thing.

Way to go assholes.

US needs to go dick themselves and then suck on it to realise what shit actually tastes like.

Martin

OK, call me picky... 

Stop

...but each week for two years, he downloads 20,000 customer details. Call that a hundred weeks. He sells these 20,000 customer details for $500. So I make that $50,000 raised by this scam.

Where do the prosecution get $70,000 from?

Sam

Relevant question 

Alert

How long before a Phorm or Nebuad employee does the same?

This post has been deleted by a moderator

Charles

Re: Why? 

Alert

Being a financial analyst, he had to be able to determine the credit-worthiness of customers. That means having access to individual records. This is basically an inside job--always the toughest thefts to control. Somewhere along the line, SOMEONE has to have access to the data. And at some point, according to statistics, THAT someone is going to be a double agent.

This post has been deleted by a moderator

Luther Blissett

I cannot believe this story 

Not that I doubt its veracity in any way, but it seems an exercise in strange semiotics - a substitution of referents in the Real story. Namely that the Fed is not accusing bank insiders of the heist of massive lines of credit.

Gordon Pryra

ID card and centralised database 

While no one really cares about the people whose data got stolen (they are the poorest Americans obviously)

It does show you what is going to happen to the UK very soon, with far more important data than a list of who hasn’t got any cash.

One final point, this is just one guy that got busted, the amount of people who get away with it must be a much greater number.

Which means that EVERY database in existence has already had ALL its data sold illegally already......?

Anonymous Coward

$0.025US/record 

Cheap in bulk, obviously. The fact that these are personal data of the soon-to-be-homeless doesn't reduce their value. Manufacturers of false ID kit for sale to illegal immigrants get ~$50 for an ID useful for getting a job, a license to operate an automobile, etc.

And if the purchaser is truly corrupt, he can use the ID to open banking accounts and receive credit cards. It is truly a win-win-win-lose situation for the analyst, the ID maker, the end customer, and the poor CW account holder whose life will become a living hell of debt collectors.

Michael

@ Martin 

>>>...but each week for two years, he downloads 20,000 customer details. Call that a hundred weeks. He sells these 20,000 customer details for $500. So I make that $50,000 raised by this scam.

>>>Where do the prosecution get $70,000 from?

20,000 names per week

$500 per sale

The figure you're missing is sales per week. If he sells the list to two people one week, he's made $1,000. Rinse. Repeat.

Gis Bun

Equal jail time? Blame Macs 

Boffin

Noticed that the guy who did the stealing could get 5 years but the buyer could get 15 years. Make sense.

Mentioned in the article that an un-protected PC (we'll assume Windows) let him grab the data. One thing I've noticed is that there is no company that sells USB/CD/DVD protection for Macs or Linux [last I checked]. Major hole in any company. A Good reason to cut them off the network. :-)