BofA Breach: 'A Big, Scary Story'

BofA Breach: 'A Big, Scary Story'
$10 Million Loss Highlights Risks, Sophistication of Internal Breaches
May 25, 2011 - Tracy Kitten, Managing Editor

An internal breach at U.S. financial giant Bank of America shows how some
corporations do not focus enough attention on mitigating internal fraud
risks.

According to news reports, a BofA employee with access to accountholder
information allegedly leaked personally identifiable information such as
names, addresses, Social Security numbers, phone numbers, bank account
numbers, driver's license numbers, birth dates, e-mail addresses, family
names, PINs and account balances to a ring of criminals. With that
information, the fraudsters reportedly hijacked e-mail addresses, cell
phone numbers and possibly more, keeping consumers in the dark about new
accounts and checks that had been ordered in their names.

Some 300 BofA customers in California and other Western states have
reportedly had their accounts hit, and 95 suspects linked to the breach
were arrested by the Secret Service in Feb.

BofA says it detected the fraud a year ago, but only recently began
notifying affected customers of the breach.