From Deseret News archives:

Bank workers biggest ID theft threat

Insiders with access to data may pose 70% to 80% of risk

Published: Thursday, June 30, 2005 10:05 p.m. MDT
 |  E-MAIL | PRINT | FONT + - 
CHARLOTTE, N.C. — When two of the nation's largest banks were forced to notify thousands of customers that their financial records may have been stolen, there wasn't a hacker, a missing laptop or a lost box of backup computer tapes to blame.

This time, police believe, customers of Wachovia Corp. and Bank of America Corp. were the victims of bank employees, workers whose jobs at the Charlotte-based banks granted them access to information valuable enough to sell for $10 an account.

Security experts believe it's that battle against insiders — the theft of Social Security numbers and other sensitive data by those with the authority to access it — that will consume banks and other financial institutions as they fight a recent run of security breaches that doesn't appear to be waning.

"We've got a nasty problem and it keeps getting worse over the past couple of months," said Peter G. Neumann, a security expert with SRI International in Menlo Park, Calif. "Insiders have always been a concern, it's just that (institutions) are finally admitting it."

Security experts like Neumann believe inside jobs have the potential to be far more damaging to consumers than accidental losses of data, or attacks by hackers similar to one disclosed June 17 at Atlanta-based CardSystems Solutions Inc., which exposed 40 million credit and debit card accounts.

Story continues below
And the protections banks use to thwart hackers — firewalls and encryption, for example — have no ability to stop ill-intentioned employees who have authorized access to secure information.

The insider case at Bank of America, Wachovia and two other banks — involving a far smaller number of accounts than the hackers' assault on CardSystems Solutions — could prove to be far worse for consumers, said Avivah Litan, an analyst with Stamford, Conn.-based Gartner Inc., an information technology research firm.

"It may not be bigger, but that stuff is a lot more dangerous," Litan said. "These are people who have access to a lot more personal information, so it's very serious."

Wachovia and Bank of America were forced to alert more than 100,000 customers in May after police in New Jersey charged nine people, including seven bank workers, in a plot to steal financial records of thousands of bank customers.

"About 70 to 80 percent of the risk is from insiders, although not all of them are as malicious as the case in New Jersey," said Steve Roop, vice president of marketing at San Francisco-based Vontu, a firm specializing in data loss prevention. "Sometimes it is well meaning but poorly informed workers."

Comments

You can be the first to comment on this story.

previousnext

Latest comments

Nick is an amazing kid. I go to school with him. This game shows that Lehi we...

I think that Salt Lake City would be a great place to hold the 2012 RNC. Salt...

Pitta doesn't win award

Hernandez is much better than Pitta. Pitta was lucky to be nominated with the...

I think that's just plain "TORRIBLE"!

Holy Cow! Just how good is this kid?! That's impressive. Not only does he tie...

Barkley says Boozer is big problem

Boozer is bad medicine for the Jazz. He refuses to take hits and defend,...

Springville comes back against AF

Who has beaten your #1 & #2 state ranked teams? Oh...and your #10 team,...

Good job Titans another win.

Sorry..."Classless Ute". Max Hall is hilarious.

Good concert tonight. Not great. Natalie Cole was as good as I expected...I...

Advertisements