Over Half a Million Bank Accounts Breached 450
Gone Phishing writes "CNN is reporting that about 676,000 bank accounts in at least four banks (Bank of America, Wachovia, Commerce Bancorp, and PNC Financial Services) have had personal information "illegally sold". Over 60,000 customers have been notified so far."
This could get ugly (Score:5, Insightful)
Gee how informative (Score:2, Insightful)
I have a feeling that most people's social security numbers have been harvested by people who shouldn't have them
What about the agencies? Will they face charges? (Score:5, Insightful)
But, what about the 40 collection agencies and law firms? Will they face civil charges? Criminal charges? Both? Surely they knew they were up to no good, and they were the ones funding the information theft in the first place -- all so that they could illegally harass debtors.
Will the Feds follow the money?
Laws are reactionary (Score:4, Insightful)
Wow, your country must be great. (Score:5, Insightful)
It doesn't matter what laws you enact. If you RTFA, you'll see that this was an inside job done by corrupt upper-level employees. Setting aside security-Utopia for a second, at some point you have to trust your own employees, especially "upper level" ones. When that trust turns out to be misplaced, there's not a lot one can do to prevent malfeasance.
Re:US data protection act? (Score:3, Insightful)
We have several laws that apply to personal data. There are gaps you can drive a truck through, and the industry has spent decades doing just that. (I particularly like the part about how the laws specify that they only apply to "authorized uses" of personal data--so if it's not an authorized use, you can do anything. No, I'm not kidding.)
Makes you wonder (Score:2, Insightful)
There are several thousand smaller banks in the United States and many smaller banks have lower fees than those giants and a customer actually means something to those banks.
Re:Stolen Account Information and Dupes (Score:5, Insightful)
I'm really getting sick of this... (Score:2, Insightful)
Holders of mass amounts of critical info need to learn that if they lose it, or mismanage it, that they will be held liable for hundred of millions of dollars in civil penalties, and years in prison for the most egregious cases of negligence.
Re:Wow, your country must be great. (Score:3, Insightful)
It will only get worse (Score:5, Insightful)
I say it will only get worse because the Sarbanes-Oxley Act is coming into effect which requires companies to put into place access controls to monitor/audit who has access to what information (among other things). The SOX, in conjunction with the Gramm-Leach-Bliley Act are forcing corporations to get their financial house in order in such a way that this type of malfeasance is getting much harder to hide. Expect to see more of the same for quite some time.
While I think it's nice that these laws are having their desired effect I still envy those wacky europeans and their data protection laws.
Amoeba
Re:Makes you wonder (Score:2, Insightful)
Re:What will it take? (Score:5, Insightful)
I don't like Bush's policies either, but let's not just make things up, ok? First, not all class action suits are "forced" to federal court, only very large suits.
Second, they're moved to federal court not because federal courts are more business-friendly, but because of procedural differences in state court vs federal court. State courts tend to be more relaxed in due process procedures, and award ridiculous damages that are confiscated by private law firms. The ease with which a class action suit can be won in a small jurisdiction for enormous rewards has caused capitalistic law firms to seek out groups of marginally damaged people and organize them for a suit. This has caused a tenfold increase in class action lawsuits over the last decade.
Meanwhile, plaintiffs from multiple states with complaints against the same defendant could not organize on a federal level and file in federal court, due to procedural restrictions that prevented class action suits from being moved out of state. Thus you had the dangerous situation of one state's courts determining a case that would have national prescedent ramifications, and this seriously violates the principles of federalism. For a guy who bitched in his post about removing checks and balances, you're also complaining about legislation that was intended to prevent one state from determining national policy via state courts that are cherry-picked by millionaire attorneys.
The legislation in question removed some of the roadblocks to moving large cases with multistate plaintiffs to federal court by granting original jurisdiction of a case to the District Courts instead of the state courts for large suits in which there are multistate plaintiffs.
You then characaterize all this in your tired anti-Bush ranting as some pro-business move that Bush enacted for his cronies. First, that's not how a bill becomes a law, and you ought to know that by now. Presidents do not sponsor legislation in committee, nor vote on them in congress. They sign them.
There are a shitload of legitimate things to criticize President Bush about, but I'm tired of this hate-filled ranting that's misinformed. It's really hard to push for social evolution and progress when most of the people on your side are ignorant and more concerned with politics than anything else.
Oops, I forgot our legislature is too busy removing checks and balances (Senate) and debating corrupt members (House) to get anything else done.
I'm not sure what you're talking about here, so I can't really respond to you. The only major battle I know of in the Senate is over appelate court nominations, and I haven't read anything yet about changes to how nominations are handled.
Re:check your accounts (Score:3, Insightful)
And you're right. Welcome to the 20th century, where requests to "confirm everything," to "update your personal information," or to change your ATM's PIN number because of an information breach can be sent to thousands of mailboxes in an instant, at no cost at all. Sending out a legitimate looking letter via mail, and trying to extract information from the recipient is much harder, takes much longer, and costs much, much more, and more easily tracked down.
Re:The bigger they are... (Score:5, Insightful)
Well, duh. You're certainly not going to see 600,000 peoples accounts stolen from a credit union with only 20,000 customers. That doesn't mean it's any more secure.
Re:Stolen Account Information and Dupes (Score:5, Insightful)
How about punishing them for their inactions? If somebody walked in to a military base and stole a nuclear warhead, would you throw up your hands and say "well, it wasn't the military's fault; they're not the ones who stole it"? Of course it's their freakin' fault! Who's supposed to be guarding this stuff??
Then of course, there's the issue of why they need to have this info in the first place. Just as you could argue if we didn't have nuclear weapons in the first place then there'd be no reason to worry about them being stolen, so you could argue that Lexis-Nexis - a company most of us have absolutely no contact with - should not have things like our social security numbers (which are for, you know, our individual social security payments, not anything else) to begin with.
If you are going to take it upon yourself to store my information, then you had damn well better safeguard it. And if you don't, then you should be held liable, and you should be punished severely when data is stolen through your negligence. (And in this case, I define negligence as "any case where your security was lax enough to allow data to be stolen" - or in other words, every single case of a security breach.)
If a company cannot secure this data to the point where it cannot be stolen, then they have no business holding this data to begin with.
Re:Can I sell my info before someone else does? (Score:2, Insightful)
Sure, a lot of clear-thinking people get upset to learn their private information has been sold, but I suspect there are also a lot of people who would gladly sell their information for no more than a nominal fee.
I'll bet at least 10% of the population would agree to your getting it all if you offered them $20.
Of course, there's a bit of adverse selection here; the people who would agree to this deal aren't the ones the marketers really want.
Re:Stolen Account Information and Dupes (Score:1, Insightful)
Personal Information Theft (Score:1, Insightful)
Re:Stolen Account Information and Dupes (Score:5, Insightful)
My beef is not with banks... They are generally pretty dilligent about customer data--they've been doing this stuff for a while now. MY beef (and I believe the parent poster's beef) is a company he has never done business with acquiring, storing, and failing to secure his personal information. Certainly, we should punish the identity thieves--and severely. But the reality is that, in the case of ChoicePoint, (whom the parent poster cited as contacting him,) they simply didn't have adequate protections in place to keep somebody from pretending to be a "legitimate" buyer of personal information. (We'll leave for another day the argument that there should be no such thing as a "legitimate" sale of my personal information by anyone but me. If Choicepoint wants to PAY ME to list my personal information for their own potential profit, that is another story, of course.)
Bottom line? If ChoicePoint wasn't in the super-sleazy, ethically dubious game of gathering and selling personal information, the data that was "accidentally sold" to these inappropriate persons would never have been divulged--because they never would have had it in the first place to be ABLE To divulge it.
Normally Windows, but Solaris is 3 here. (Score:3, Insightful)
That assumes that they really are on the these sites. With the big break-in that occured with Visa/MC/Discover about 1-2 years ago, it took awhile, but they found a Nebraska clearing house running windows had been broken into, not the CC sites.
Re:It's not perfect, it can be made more difficult (Score:4, Insightful)
Re:Stolen Account Information and Dupes (Score:2, Insightful)
Re:Stolen Account Information and Dupes (Score:2, Insightful)
Re:Stolen Account Information and Dupes (Score:2, Insightful)
no problem (Score:1, Insightful)
thank you america, where this is all possible!
Deliberate misnomer this 'identity theft'. (Score:5, Insightful)
But no, this is too costly, so they try to put it back on the person who's information is used in the fraud.
It's NOT RIGHT! If someone else borrows money in your name, it's the lenders problem, not yours. Your identity was not stolen. You are still you. The lender is at fault because he failed to exercise due diligence in a climate where fraud is rampant.
Just think about it for a minute. You are NOT the victim of identity theft. You are still you and the other guy screwed some third party. Why should it cost you any money or any time... Instead, the idiots who carelessly or out of greed failed to verify that it was indeed you and not someone else requesting a credit report and credit should pay.
There's a simple solution too.
The credit reporting companies need to stop selling information to anyone other than the person who owns the information. Mainly you if it's your information. You want a loan, you request the information. Hell, if it takes a photo ID and a visit with a rep from the reporting company, then that's what it takes... But it's their problem to solve, NOT yours.
Re:Stolen Account Information and Dupes (Score:2, Insightful)
This is pure garbage. We *have* contracted banks to safeguard our personal information. Banks have a host of legal obligations regarding the safeguarding of personal information. And even if they didn't, their websites and agreements are full of statements like:
"Keeping financial and personal information about you secure and confidential is one of our most important responsibilities. Our systems are protected, so information remains secure." (Bank of America, Online Privacy and Security Policy)
I'm sure there are similar statements in the microprint contracts we all threw away the day after opening our checking account.
Heads *will* roll over this.
Re:Got fired for reporting insecure loan apps... (Score:3, Insightful)
My girlfriend has made a sexual harassment claim against her boss in the past; not only did the claim go nowhere (because said boss is worshipped by his superiors), but now that more than a year has passed, she has received a poor performance review, on the basis of dubious yet difficult-to-refute statements. She too has decided to move on to another company rather than try to fight.
All the way to the bank. (Score:3, Insightful)
When we put our money in the bank, we reasonably expect they won't leave the door unlocked. When they do, or trust someone with a key, they are responsible. It's not each customer's responsibility to audit their security: that's what we have the Treasury, many other government organizations, and professional integrity to rely on. When a bank enables damages by allowing cracks in that security apparatus, they've got to pay the cost.