Technorati Tag: Security Breach
Date Reported:
5/16/08
Organization:
Wells Fargo & Company
Contractor/Consultant/Branch:
Wells Fargo Home Mortgage
Victims:
Customers
Number Affected:
Unknown
Types of Data:
"names, addresses, dates of birth, loan numbers, Personal Identification Numbers (PIN), current bank account numbers and last five digits of their Social Security numbers"
Breach Description:
"We have learned that a former Wells Fargo employee working in our reverse mortgage servicing department inappropriately used another customer's account information. We have taken appropriate action against this individual."
Reference URL:
New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the online source cited above:
Pursuant to the information compromise notification requirements of the State of New Hampshire, Wells Fargo hereby notifies you that we have give notice to approximately 24 residents of the state of New Hampshire of a potential compromise of their Social Security numbers and mortgage loan account numbers.
We have learned that a former Wells Fargo employee working in our reverse mortgage servicing department inappropriately used another customer's account information.
[Evan] Employee fraud is one of the most difficult breaches to prevent (and sometimes to detect). Most controls are largely administrative in nature such as background checks, segregation of duties, job rotation, policy and procedure, etc. Sometimes even the best controls won't do much to prevent an attack from the enemy within.
We have taken appropriate action against this individual.
[Evan] I wonder what this means.
We have no information indicating your information was compromised.
However, the former employee, in the course of their employment, had access to information that may have included your name, address, date of birth, loan number, Personal Identification Number (PIN), current bank account number and last five digits of your Social Security number.
[Evan] The fact that only the last five digits of the Social Security numbers were accessible is a good indication that Wells Fargo identified the risk involved with a person in the former employee's position accessing confidential information. Limiting Social Security number exposure also limits the extent and impact of the breach.
We started mailing consumer notices on May 13, 2008.
Wells Fargo Home Mortgage takes information security very seriously and wants to assure you that we are taking precautionary measures to reduce the potential risk associated with this incident.
Wells Fargo Home Mortgage, to ensure everything is done to protect you, will be providing you with a new PIN to access the line of credit on your reverse mortgage loan.
[Evan] Not just "to protect you". Remember that Wells Fargo is in business to make money and I am pretty sure that the things they do are to that end.
As a precaution, Wells Fargo has partnered with a company called Intersections, Inc. to provide you with a free one-year subscription to IDENTITY GUARD CREDITPROTECTX3.
[Evan] Cool! "CREDITPROTECTX3" sounds super strong and effective!
Wells Fargo Home Mortgage values and appreciates the trust you have placed in us by allowing us to serve you.
We sincerely apologize for this situation.
If we can be of further assistance, please do not hesitate to call us at (800) 472-3209 between the hours of 8:00 am and 8:00 pm eastern time, Monday through Friday.
Commentary:
I think that breaches like this are more common than some people would like to admit. Banks have the one thing that everyone wants!
Past Breaches:
Unknown
Date Reported: 5/16/08
Organization:
Wells Fargo & Company
Contractor/Consultant/Branch:
Wells Fargo Home Mortgage
Victims:
Customers
Number Affected:
Unknown
Types of Data:
"names, addresses, dates of birth, loan numbers, Personal Identification Numbers (PIN), current bank account numbers and last five digits of their Social Security numbers"
Breach Description:
"We have learned that a former Wells Fargo employee working in our reverse mortgage servicing department inappropriately used another customer's account information. We have taken appropriate action against this individual."
Reference URL:
New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the online source cited above:
Pursuant to the information compromise notification requirements of the State of New Hampshire, Wells Fargo hereby notifies you that we have give notice to approximately 24 residents of the state of New Hampshire of a potential compromise of their Social Security numbers and mortgage loan account numbers.
We have learned that a former Wells Fargo employee working in our reverse mortgage servicing department inappropriately used another customer's account information.
[Evan] Employee fraud is one of the most difficult breaches to prevent (and sometimes to detect). Most controls are largely administrative in nature such as background checks, segregation of duties, job rotation, policy and procedure, etc. Sometimes even the best controls won't do much to prevent an attack from the enemy within.
We have taken appropriate action against this individual.
[Evan] I wonder what this means.
We have no information indicating your information was compromised.
However, the former employee, in the course of their employment, had access to information that may have included your name, address, date of birth, loan number, Personal Identification Number (PIN), current bank account number and last five digits of your Social Security number.
[Evan] The fact that only the last five digits of the Social Security numbers were accessible is a good indication that Wells Fargo identified the risk involved with a person in the former employee's position accessing confidential information. Limiting Social Security number exposure also limits the extent and impact of the breach.
We started mailing consumer notices on May 13, 2008.
Wells Fargo Home Mortgage takes information security very seriously and wants to assure you that we are taking precautionary measures to reduce the potential risk associated with this incident.
Wells Fargo Home Mortgage, to ensure everything is done to protect you, will be providing you with a new PIN to access the line of credit on your reverse mortgage loan.
[Evan] Not just "to protect you". Remember that Wells Fargo is in business to make money and I am pretty sure that the things they do are to that end.
As a precaution, Wells Fargo has partnered with a company called Intersections, Inc. to provide you with a free one-year subscription to IDENTITY GUARD CREDITPROTECTX3.
[Evan] Cool! "CREDITPROTECTX3" sounds super strong and effective!
Wells Fargo Home Mortgage values and appreciates the trust you have placed in us by allowing us to serve you.
We sincerely apologize for this situation.
If we can be of further assistance, please do not hesitate to call us at (800) 472-3209 between the hours of 8:00 am and 8:00 pm eastern time, Monday through Friday.
Commentary:
I think that breaches like this are more common than some people would like to admit. Banks have the one thing that everyone wants!
Past Breaches:
Unknown
