Feeds

US bank staff 'sold customer details'

Data theft apology sent to thousands

  • alert
  • submit to reddit

High performance access to file storage

The sale of sensitive banking details to an allegedly bent debt collection agency has triggered warning letters to more than 100,000 US consumers. Bank of America has told about 60,000 customers and Wachovia a further 48,000 that their financial records have been breached. Both banks have offered affected customers free credit monitoring services for a year.

"We are trying to communicate with our customers as promptly as possible," Bank of America spokeswoman Alex Liftman told AP. "So far, we have no evidence that any of our customer information has been used for account fraud or identity theft."

The alleged plot to swipe the banking records of thousands emerged last month after police in Hackensack New Jersey, charged nine people, including seven bank workers, over the scam. The arrests followed a February raid on the home of Orazio Lembo Jr, 35, which recovered 13 computers containing the banking details of customers Bank of America and Wachovia along with clients of Commerce Bank and PNC Bank of Pittsburgh.

Investigators allege Lembo sold bank account details and employment information to collection agencies and law firms through his firm DRL Associates. The information was supplied by corrupt bank workers who were paid $10 a pop for their trouble. Reuters reports that a further two arrests in the case are likely.

The case is the latest in a growing list of security breaches involving personal data to affect companies including ChoicePoint and Reed Elsevier's LexisNexis division over recent months. Agents investigating the security breach at data broker LexisNexis searched the houses of 10 suspects last weekend, Reuters reports. No charges were made immediately following the raids in California, Minnesota and North Carolina by federal agents investigating the March 2005 case. ®

Related stories

Big company, crap security
ID theft is inescapable
LexisNexis data breach far worse than reported
It's official: ChoicePoint, LexisNexis rooted many times
Right of Reply: LexisNexis
Database misuse: who watches the watchers?

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.