Feds accuse bank insider of massive data heist

A financial analyst for Countrywide Home Financial, one of the world's biggest and most troubled mortgage lenders, has been arrested and charged with stealing personal information concerning a breathtaking number of the company's customers. Rene Rebollo, 36, of Pasadena, California, downloaded 20,000 customer profiles …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Flame

    Lovely

    I'm a Countrywide Home Financial customer... Is it not enough that I have to deal with their retarded website?

    Fortunately I have no money, and with my credit rating, the only way it can go is up. The bloke that bought my customer profile got ripped off.

  2. Anonymous Coward
    Pirate

    So is Countrywide going to inform the folks whose info was stolen & sold?

    Those of us with loans from Countrywide would like to know.

  3. Anonymous Coward
    Unhappy

    Why?

    >> ...downloaded 20,000 customer profiles including names and social security numbers just about every week for about two years

    Why was this financial analyst allowed access to that data in the first place? Is that normal? Does the janitor have similar access???

  4. Anonymous Coward
    Stop

    Why

    Why on earth would Bank of America take on a sub-prime lender in the current market? Apart from paying peanuts.

    Posted anon as I work at a Bank of America subsidiary which has very strict security in place. That is all but 4 internet computers usable by any staff on our break-out floor - which also have access to customer data!

    Mine's the one with MUG written on the back.

  5. Gary Samuelson

    Nobody understands security like thieves

    Wow... wonder if anybody thought about monitoring suspicious insider activity. There's really not much that hasn't already been said on poor data protection. The inside-guy got away with it yet again.

  6. Mark

    @Why

    Perhaps BoA bought them because they had a high exposure to them, a bit like the Fed's bailout of Bear Stearns actually being a bailout of JP Morgan who were highly exposed to Bear.

  7. Anonymous Coward
    Unhappy

    Word back from CW....

    I emailed their fraud unit to see what they are doing about this and got this autorespond...

    Thank you for contacting the Fraud Hotline. Countrywide values its customer relations and is committed to safeguarding their financial information. Because this responsibility is a top priority for Countrywide, we notify customer if there is a reason to believe that their sensitive information has been disclosed to an unauthorized person. Upon notification, the customers are provide with a toll-free number that directs them to call Countrywide’s Special Services Hotline answered by customer service representatives who have been specially trained to assist customer in such situations.

    If you are a Countrywide Mortgage Customer, please contact our Countrywide’s Special Services Hotline at 1-866-451-5895. This toll-free number can also be found in the notification letter that you may have received.

    If you are a Countrywide Bank Customer, please contact our Countrywide Bank’s Special Services Hotline at 1-877-200-0117. This toll-free number can also be found in the notification letter that you may have received.

    If you are a reporter and this is a media inquiry, please contact Countrywide's Public Relations Media Hotline at 1-800-796-8448.

    Thank You,

    Fraud Hotline

    Countrywide Home Loans

    30930 Russell Ranch Rd

    Mailstop: WLRR-469

    Westlake Village, CA 91362

  8. Anonymous Coward

    This is why BoA can buy them...

    I love the USA

    http://www.bloomberg.com/apps/news?pid=20601087&sid=arYakEWFRtTE&refer=home

  9. Anonymous Coward

    So that's 20 million odd

    about 7% of the US population, or about 1 in 14, that's a fair old number.

    I think he might be for the high jump on this one.

    I suspect he has emptied the database, unless they are really large.

    Still, there you go centralized databases, no access monitoring, a recipe for disaster.

  10. Darling Petunia

    Live Long and Prosper

    He looks honest? Right.

    http://www.portfolio.com/news-markets/national-news/portfolio/2008/07/16/Countrywide-Deals-Exposed

  11. James Anderson
    Unhappy

    700 bucks

    Seems a bit steep for a list of people who can't afford to pay their mortgages.

    Could you recoup the $700 by knocking people off your mailing list and saving postage?

  12. Pete

    Wirecutters are the best security

    The most widespread security problem (just waiting to happen) is commercial PCs with too many ports. Most companies buy off the shelf desktop machines and just possibly have their disti pre-load the operating system with a custom screensaver and call that "added value".

    I don't know whether it's because they don't understand security, or simply that they don't care - but anyone with any experience in IT knows about "sneaker nets". While they don't use floppy disks anymore, the modern equivalent lets much more data be surreptitiously moved around (or out, as in this case).

    Even if companies can't buy PCs without USB connections, or in some cases without built-in wifi, the modifications are quite simple. Merely disabling the ports in software is not enough, as a determined baddie will have the ability to reset them. Given the parlous standards of change-control, you may even find that the machines were "repaired" by inadvertent software updates while in use. While we're at it, best to replace the chassis screws with vandal-proof ones, to stop casual case-openers, too.

    If you're worried about voiding warranties, just find another support organisation. It's not as if they're scarce and one that's any good will recognise the reasoning and have the flexibility to work with your disabled machines.

  13. H5N1
    Pirate

    Hypocrisy at its best....

    Now where have we all heard this story before?

    That's right, it was the IRS and the US Gov purchasing STOLEN information from an ex Luxembourg employee.

    How can they charge this guy when they have done exactly the same thing?

    Way to go assholes.

    US needs to go dick themselves and then suck on it to realise what shit actually tastes like.

  14. Martin
    Stop

    OK, call me picky...

    ...but each week for two years, he downloads 20,000 customer details. Call that a hundred weeks. He sells these 20,000 customer details for $500. So I make that $50,000 raised by this scam.

    Where do the prosecution get $70,000 from?

  15. Sam
    Alert

    Relevant question

    How long before a Phorm or Nebuad employee does the same?

  16. Charles
    Alert

    Re: Why?

    Being a financial analyst, he had to be able to determine the credit-worthiness of customers. That means having access to individual records. This is basically an inside job--always the toughest thefts to control. Somewhere along the line, SOMEONE has to have access to the data. And at some point, according to statistics, THAT someone is going to be a double agent.

  17. Luther Blissett

    I cannot believe this story

    Not that I doubt its veracity in any way, but it seems an exercise in strange semiotics - a substitution of referents in the Real story. Namely that the Fed is not accusing bank insiders of the heist of massive lines of credit.

  18. Gordon Pryra

    ID card and centralised database

    While no one really cares about the people whose data got stolen (they are the poorest Americans obviously)

    It does show you what is going to happen to the UK very soon, with far more important data than a list of who hasn’t got any cash.

    One final point, this is just one guy that got busted, the amount of people who get away with it must be a much greater number.

    Which means that EVERY database in existence has already had ALL its data sold illegally already......?

  19. Anonymous Coward

    $0.025US/record

    Cheap in bulk, obviously. The fact that these are personal data of the soon-to-be-homeless doesn't reduce their value. Manufacturers of false ID kit for sale to illegal immigrants get ~$50 for an ID useful for getting a job, a license to operate an automobile, etc.

    And if the purchaser is truly corrupt, he can use the ID to open banking accounts and receive credit cards. It is truly a win-win-win-lose situation for the analyst, the ID maker, the end customer, and the poor CW account holder whose life will become a living hell of debt collectors.

  20. Michael

    @ Martin

    >>>...but each week for two years, he downloads 20,000 customer details. Call that a hundred weeks. He sells these 20,000 customer details for $500. So I make that $50,000 raised by this scam.

    >>>Where do the prosecution get $70,000 from?

    20,000 names per week

    $500 per sale

    The figure you're missing is sales per week. If he sells the list to two people one week, he's made $1,000. Rinse. Repeat.

  21. Gis Bun
    Boffin

    Equal jail time? Blame Macs

    Noticed that the guy who did the stealing could get 5 years but the buyer could get 15 years. Make sense.

    Mentioned in the article that an un-protected PC (we'll assume Windows) let him grab the data. One thing I've noticed is that there is no company that sells USB/CD/DVD protection for Macs or Linux [last I checked]. Major hole in any company. A good reason to cut them off the network. :-)
