A financial analyst for Countrywide Home Financial, one of the world's biggest and most troubled mortgage lenders, has been arrested and charged with stealing personal information concerning a breathtaking number of the company's customers. Rene Rebollo, 36, of Pasadena, California, downloaded 20,000 customer profiles including …
I'm a Countrywide Home Financial customer... Is it not enough that I have to deal with their retarded website?
Fortunately I have no money, and with my credit rating, the only way it can go is up. The bloke that bought my customer profile got ripped off.
So is Countrywide going to inform the folks whose info was stolen & sold?
Those of us with loans from Countrywide would like to know.
>> ...downloaded 20,000 customer profiles including names and
>> social security numbers just about every week for about two years
Why was this financial analyst allowed access to that data in the first place? Is that normal? Does the janitor have similar access???
Why on earth would Bank of America take on a sub-prime lender in the current market? Apart from paying peanuts.
Posted anon as I work at a Bank of America subsidiary which has very strict security in place. That is all but 4 internet computers usable by any staff on our break-out floor - which also have access to customer data!
Mine's the one with MUG written on the back.
Nobody understands security like thieves
Wow... wonder if anybody thought about monitoring suspicious insider activity. There's really not much that hasn't already been said on poor data protection. The inside-guy got away with it yet again.
Perhaps BoA bought them because they had a high exposure to them, a bit like the Fed's bailout of Bear Stearns actually being a bailout of JP Morgan who were highly exposed to Bear.
Word back from CW....
I emailed their fraud unit to see what they are doing about this and got this autorespond...
Thank you for contacting the Fraud Hotline. Countrywide values its customer relations and is committed to safeguarding their financial information. Because this responsibility is a top priority for Countrywide, we notify customers if there is a reason to believe that their sensitive information has been disclosed to an unauthorized person. Upon notification, the customers are provided with a toll-free number that directs them to call Countrywide’s Special Services Hotline answered by customer service representatives who have been specially trained to assist customers in such situations.
If you are a Countrywide Mortgage Customer, please contact our Countrywide’s Special Services Hotline at 1-866-451-5895. This toll-free number can also be found in the notification letter that you may have received.
If you are a Countrywide Bank Customer, please contact our Countrywide Bank’s Special Services Hotline at 1-877-200-0117. This toll-free number can also be found in the notification letter that you may have received.
If you are a reporter and this is a media inquiry, please contact Countrywide's Public Relations Media Hotline at 1-800-796-8448.
Countrywide Home Loans
30930 Russell Ranch Rd
Westlake Village, CA 91362
This is why BoA can buy them...
I love the USA
So that's 20 million odd
about 7% of the US population, or about 1 in 14, that's a fair old number.
I think he might be for the high jump on this one.
I suspect he has emptied the database, unless they are really large.
Still, there you go centralized databases, no access monitoring, a recipe for disaster.
Live Long and Prosper
He looks honest? Right.
Seems a bit steep for a list of people who can't afford to pay their mortgages.
Could you recoup the $700 by knocking people off your mailing list and saving postage?
Wirecutters are the best security
The most widespread security problem (just waiting to happen) is commercial PCs with too many ports. Most companies buy off the shelf desktop machines and just possibly have their disti pre-load the operating system with a custom screensaver and call that "added value".
I don't know whether it's because they don't understand security, or simply that they don't care - but anyone with any experience in IT knows about "sneaker nets". While they don't use floppy disks anymore, the modern equivalent lets much more data be surreptitiously moved around (or out, as in this case).
Even if companies can't buy PCs without USB connections, or in some cases without built-in wifi, the modifications are quite simple. Merely disabling the ports in software is not enough, as a determined baddie will have the ability to reset them. Given the parlous standards of change-control, you may even find that the machines were "repaired" by inadvertent software updates while in use. While we're at it, best to replace the chassis screws with vandal-proof ones, to stop casual case-openers, too.
If you're worried about voiding warranties, just find another support organisation. It's not as if they're scarce and one that's any good will recognise the reasoning and have the flexibility to work with your disabled machines.
Hypocrisy at its best....
Now where have we all heard this story before?
That's right, it was the IRS and the US Gov purchasing STOLEN information from an ex Luxembourg employee.
How can they charge this guy when they have done exactly the same thing?
Way to go assholes.
US needs to go dick themselves and then suck on it to realise what shit actually tastes like.
OK, call me picky...
...but each week for two years, he downloads 20,000 customer details. Call that a hundred weeks. He sells these 20,000 customer details for $500. So I make that $50,000 raised by this scam.
Where do the prosecution get $70,000 from?
How long before a Phorm or Nebuad employee does the same?
Being a financial analyst, he had to be able to determine the credit-worthiness of customers. That means having access to individual records. This is basically an inside job--always the toughest thefts to control. Somewhere along the line, SOMEONE has to have access to the data. And at some point, according to statistics, THAT someone is going to be a double agent.
I cannot believe this story
Not that I doubt its veracity in any way, but it seems an exercise in strange semiotics - a substitution of referents in the Real story. Namely that the Fed is not accusing bank insiders of the heist of massive lines of credit.
ID card and centralised database
While no one really cares about the people whose data got stolen (they are the poorest Americans obviously)
It does show you what is going to happen to the UK very soon, with far more important data than a list of who hasn’t got any cash.
One final point, this is just one guy that got busted, the amount of people who get away with it must be a much greater number.
Which means that EVERY database in existence has already had ALL its data sold illegally already......?
Cheap in bulk, obviously. The fact that these are personal data of the soon-to-be-homeless doesn't reduce their value. Manufacturers of false ID kit for sale to illegal immigrants get ~$50 for an ID useful for getting a job, a license to operate an automobile, etc.
And if the purchaser is truly corrupt, he can use the ID to open banking accounts and receive credit cards. It is truly a win-win-win-lose situation for the analyst, the ID maker, the end customer, and the poor CW account holder whose life will become a living hell of debt collectors.
>>>...but each week for two years, he downloads 20,000 customer details. Call that a hundred weeks. He sells these 20,000 customer details for $500. So I make that $50,000 raised by this scam.
>>>Where do the prosecution get $70,000 from?
20,000 names per week
$500 per sale
The figure you're missing is sales per week. If he sells the list to two people one week, he's made $1,000. Rinse. Repeat.
Equal jail time? Blame Macs
Noticed that the guy who did the stealing could get 5 years but the buyer could get 15 years. Make sense.
Mentioned in the article that an un-protected PC (we'll assume Windows) let him grab the data. One thing I've noticed is that there is no company that sells USB/CD/DVD protection for Macs or Linux [last I checked]. Major hole in any company. A Good reason to cut them off the network. :-)