2009 Data Breaches: An Interactive Timeline

A Look at the Top Breaches Involving U.S. Financial Institutions
2009 Data Breaches: An Interactive Timeline

See the interactive timeline below for a comprehensive list of affected institutions & businesses (updated regularly).

Total number of targeted financial institutions as of December 31, 2009: 62


See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach

Source: Identity Theft Research Center

Editor's Note: The following is a list of data breaches that have affected U.S. financial institutions in 2009. The information was compiled from the 2009 Data Breach Report by the Identity Theft Resource Center (ITRC), based in San Diego, CA.



JANUARY:


Heartland Payment Systems,
Princeton, NJ
Date: January 20
Records Taken: 130 million credit and debit card account numbers

Type of Breach: Outside network intrusion

Heartland Payment Systems announced on Jan. 20 that its network had been breached. The payment processor handles transactions for 250,000 merchants. Subsequently, it was revealed through indictments that 130 million credit/debit cards were compromised by the breach.


Gregory Navone,
Las Vegas, NV
Date: January 21
Records Taken: 230 credit reports
Type of breach: Missing paper documents

The Federal Trade Commission charged a Nevada mortgage broker with discarding consumers' tax returns, credit reports and other sensitive personal and financial information in an unsecured dumpster. The records included tax returns, mortgage applications, bank statements, photocopies of credit cards and drivers' licenses and at least 230 credit reports.


Developers Diversified Realty Corporation,
Beechwood, OH
Date: January 29, 2009
Records Taken: Unknown

Type of breach: Accidental breach

The New Hampshire Attorney General's office was notified by DDR that National City Bank, one of DDR's dividend disbursing agents, mailed some 1099-DIV tax forms on January 29 to the wrong shareholders. In some cases, tax forms were included in the mailings to the other shareholders. The tax forms contained names, addresses, Social Security numbers and other dividend-related information.


American Education Services - Student Loan,
Harrisburg, PA.
Date: January 29, 2009
Records Taken: 49 Social Security numbers, birthdates

Type of breach: Accidental breach

AES, the service provider for Student Loan Xpress, inadvertently transmitted names, addresses, SSNs and birthdates to another student loan lender with which AES contracted. The other lender said it destroyed all information mistakenly received. Forty-nine people in NH may be at risk of compromise.


Rhode Island Hospital,
Cranston, RI
Date: January 30, 2009
Records Taken: Unknown number of personal information on patients

Type of breach: Insider theft

A security guard at a Cranston hospital stole the identities of hospital patients and was sentenced to three years and three months in prison. He used the information to open accounts at RadioShack and bought cell phones. Three former clerks at the RadioShack store admitted their part in the scheme.

 



FEBRUARY


Commerce Bank - TD Bank,
Philadelphia, PA
Date: February 10, 2009
Records Taken: 240 personal information on bank customers Type of breach: Insider theft

A Philadelphia man pleaded guilty in February to charges stemming from a scheme in which he admitted using personal information of customers at a Mount Laurel bank to open fraudulent credit card accounts. Between March 1 and Oct. 30, 2007, the man used his bank job to access at least 240 bank documents with customer information, including loan information and account numbers.


Bank of the West,
Benton County, WA
Date: February 11, 2009
Records Taken: Unknown

Type of breach: Insider theft

A mother/daughter team used customer personal and financial information to open new credit cards. The daughter worked at Bank of the West in Benton County.


Bank of America,
Metro Atlanta area, GA
Date: February 17, 2009-08-23
Records Taken: Possibly hundreds of bank card numbers and passwords

Type of breach: Skimming

Federal indictments against Nikolay Nikolov, 23, and Yordan Kavaklov, 29, both of Bulgaria, allege multiple felony charges of conspiring to steal the bank card numbers and passwords of perhaps hundreds of individuals through the use of a skimming device the defendants are said to have connected to ATMs in the Metro Atlanta area in September 2008.


Unknown payment processing gateway
Date: February 19, 2009
Records Taken: 19,000 credit card numbers

Type of breach: Unknown

A defunct payment gateway exposed as many as 19,000 credit card numbers. It was discovered by an IT worker via a Google search engine where information is cached and available to anyone. The cached data included 22,000 credit card numbers, complete with CVVs, expiry dates, names and addresses. Up to 19,000 of these numbers could be active. Most are customers in the US and UK, although some are Australian.


Cornerstone Fitness Center,
Edinburg, TX
Date: February 20, 2009
Records Taken: Unknown

Type of breach: Missing paper documents

The Texas Attorney General's office charged Cornerstone Fitness Center with identity theft prevention act violations after discovering that sometime after the Edinburg fitness center closed in 2007, a filing cabinet was found behind the company's closed location, containing personal identifying information.


North Star Realty,
Draper, UT
Date: February 26, 2009
Records Taken: Unknown

Type of breach: Missing paper documents

Personal information on mortgage papers from the spring of 2004, including bank account and Social Security numbers, was found near the dumpster of North Star Realty. The realty office blamed a new employee for improper disposal of records.



MARCH


Borrego Springs Bank,
Borrego Springs, CA
Date: March 4, 2009
Records Taken: Unknown

Type of breach: Stolen or missing hardware

The theft of six laptop computers from a Laguna Hills auditing firm prompted the Borrego Springs Bank to send warning letters to all of its customers, saying their personal financial information may be in the hands of criminals. The auditing firm says the information included personal information from multiple banks, not just Borrego Springs Bank.


Branch Banking & Trust,
Winston-Salem, NC
Date: March 5, 2009
Records Taken: Unknown

Type of breach: Insider theft

While investigating another matter, BB&T conducted an internal investigation and discovered that a former employee who had legitimate access to client accounts abused the access and sold client signature card information to others for fraudulent purposes. The client information sold included names, addresses, Social Security numbers, birthdates, bank account numbers, driver's license numbers and signatures.


Taco Bell,
Southern Colorado
Date: March 12, 2009
Records Taken: 48 credit card account numbers

Type of breach: Insider theft

Three alleged crooks were charged with stealing personal information from unsuspecting customers by skimming credit cards. A restaurant employee sold the customers' card information to three suspected crooks, who went shopping around town. The suspects were charged with racketeering for allegedly ringing up more than $14,000 on other people's credit cards.


Metro City Bank,
Doraville, GA
Date: March 16, 2009
Records Taken: Unknown

Type of breach: Outside network intrusion

Researchers from Prevx, a UK-based online security firm, discovered a data trove used to store stolen information from 160,000 infected computers. According to sources at Metro City Bank, their computer was one of the infected computers.


Breakwater Mortgage Corporation,
Williamsburg, VA
Date: March 16, 2009
Records Taken: Unknown

Type of breach: Missing paper documents

A Virginia man who bid on seven file cabinets at a storage auction discovered dozens of files inside with personal and financial information that belonged to Breakwater Mortgage Corporation. The firm went out of business in 2008.

Clear Star Financial Credit Union,
Reno, NV
Date: March 25, 2009
Records Taken: 28 personal identities

Type of breach: Unknown

The Reno Police Department is working with a local credit union after nearly 30 reports of credit card fraud. There have been 28 reports of fraud at Clear Star Financial Credit Union. All victims reported unauthorized charges at Chicago-area stores.


Bank of America,
Bethlehem PA
Date: March 26, 2009
Records Taken: 286 bank accounts

Type of breach: Skimming

Bethlehem police confirmed a skimmer had been attached to the Bank of America ATM on East Third Street. Video surveillance was also used to film ATM users' personal information as it was entered into the machine. A total of 286 accounts have already been compromised and over $43,000 lost, says investigator Rob Toronzi.


LPL Financial,
Alpharetta, GA
Date: March 27, 2009
Records Taken: Unknown

Type of breach: Stolen or missing hardware

Two desktop computers were stolen from the office of Sullivan and Schlieman Wealth Management, LLC, a financial advisor in Alpharetta, GA. Personal information of LPL clients, including names, addresses, financial account information and Social Security numbers "may have been breached," according to a June 1 letter sent to the New Hampshire Attorney General's office by LPL. Although the theft occurred on March 27 and was reported to the local police, LPL was not notified of the incident until April 29. Affected individuals were notified in May.

 


APRIL

LPL Financial,
Westlake, OH
Date: April 8, 2009
Records Taken: Unknown

Type of breach: Stolen or missing hardware
Two computers and a server were stolen from the office of Sandru Financial, which included LPL Financial client names, financial account information and SSN. LPL has had multiple breaches over the past several years. The company notified Maryland's AG about the breach.


Staten Island Bank & Trust,
Oakwood, NY
Date: April 15, 2009
Records Taken: Information on 50 bank accounts

Type of breach: Skimming

An ATM security breach at SI Bank & Trust's Oakwood branch went undetected for more than a month, but now is under investigation by the FBI. An ATM device captured customer info and at least 50 of the bank's customers were affected.


DFS Capital Funding
Franklin, IN
Date: April 19, 2009
Records Taken: Unknown

Type of breach: Missing paper documents

A man found a pile of personal documents along the side of the road in rural Johnson County in April. Among the documents was a folder containing a loan application of an Ohio couple, including their Social Security numbers, bank information, places of employment and phone numbers. Franklin-based DFS Capital Funding is the company listed on the paperwork. It looks to have given a loan approval to the Ohio couple in 2005.


Centaurus Financial Inc.,
Orange County, CA
Date: April 28, 2009
Records Taken: Unknown

Type of breach: Outside network intrusion

The Financial Industry Regulatory Authority (FINRA) fined Centaurus Financial, Inc. (CFI), of Orange County, CA, $175,000 for its failure to protect certain confidential customer information. FINRA says from April 2006 to July 2007, CFI failed to ensure that it safeguarded confidential customer information. Its improperly configured computer firewall - along with an ineffective username and password on its computer facsimile server - permitted unauthorized persons to access stored images of faxes that included confidential customer information, such as social security numbers, account numbers, birthdates and other sensitive, personal and confidential data.


WaMu Investments, Inc.,
Irvine, CA
Date: April 30, 2009
Records Taken: Unknown

Type of breach: Missing paper documents

WaMu Investments notified the New Hampshire AG that during a review it discovered that personal documents containing names, account numbers, addresses, estimated annual income and estimated net worth are missing. They have searched "extensively through files ...both in our offices and at our offsite storage location." The documents were from 2001 and 2006. This affects people in various states.

 


MAY

Southern Florida ATMs,
Broward, Palm Beach, Miami-Dade Counties, FL
Date: May 1, 2009
Records Taken: Unknown

Type of breach: Skimming

According to a Department of Justice indictment, the defendants and their co-conspirators used a "skimming device" to capture the information stored on the magnetic stripe of bank debit cards when the cards were placed into ATMs throughout Broward, Palm Beach and Miami-Dade Counties. The skimming devices and hidden micro-video cameras were placed on the ATMs to record customers' PINs as they conducted their transactions. The money was sent to individuals in the US, Romania and other locations.


First Bank,
Westminister, CO
Date: May 2, 2009
Records Taken: Unknown

Type of breach: Skimming

Local police report that a "skimming device" used to steal information from credit and debit cards was found near an ATM at a First Bank branch in Westminister.


First Republic Bank,
San Francisco, CA
Date: May 4, 2009
Records Taken: 560 bank customer PII

Type of breach: Insider theft

A former San Francisco bank mailroom supervisor accused in an identity theft scam faces up to seven years in prison if convicted. San Francisco prosecutors say that over a six-month period beginning in April 2007, he allegedly opened customer mail at a First Republic Bank branch containing both commercial and personal identifying information. He then allegedly made copies of checks, and sold those copies as part of a larger identity theft scheme. The checks were later used by someone else to replicate the bank account. The Secret Service says as many as 560 pieces of mail may have been opened.


Countrywide Financial,
Fort Worth, TX
Date: May 4, 2009
Records Taken: 4,000 account numbers

Type of breach: Insider theft

A man posing as an Air Force reservist seems to have gotten thousands of account numbers from Countrywide Financial in Forth Worth. The investigators tracked the case to his accomplice, a customer service rep. The Air Force impostor stole $500,000.


CompuCredit, Aspire,
Indianapolis, IN
Date: May 11, 2009
Records Taken: 120 credit card statements

Type of breach: Exposure of data on Internet

A major credit card company is investigating how more than 100 statements were made available online. Account information including SSNs was involved. Further information reveals that it was a computer processing error that created a single image file of 120 account statements.


Sovereign Bank,
Staten Island. NY
Date: May 11, 2009
Records Taken: 250 bank customer account numbers and PINs

Type of breach: Skimming

A band of thieves installed Sovereign Bank ATMs with skimmers so that they could steal account and password information from bank customers. They placed cameras to film victims typing in PIN codes. The bank is reimbursing customers for the fraudulent withdrawals. The thieves stole $500,000 from 250 customer accounts.


Colonial Penn,
Philadelphia, PA
Date: May 15, 2009
Records Taken: Information on 120 bank accounts

Type of breach: Insider theft

A former Colonial Penn Life Insurance Co. employee was indicted by a federal grand jury in May on charges of using company computers to steal personal and bank-account information of customers who also had accounts with Citizens Bank, M&T Bank and Wachovia Bank. More than 120 customers had their details stolen. Law enforcement says between Aug. 1, 2007 and Aug. 8, 2008, Lisa Bryant Nelson, 37, of North Philadelphia, PA passed on the customers' information to individuals who made fake IDs and counterfeit checks in the names of the bank customers.


Members Plus Credit Union,
Somerville, MA
Date: May 18, 2009
Records Taken: Unknown

Type of breach: Missing paper documents

MPCU says it lost a box in Sept 2008 that included account and SSN information of members from Dec 2000 to Nov 2001. The credit union became aware of the loss in April 2009. The credit union notified Maryland's AG about the breach.


Chase Bank
New York, NY
Date: May 18, 2009
Records Taken: Unknown

Type of breach: Skimming

Four Romanian men were arrested in Florida after being accused of skimming a Central New York Chase Bank ATMs. Police say several customers who used the ATM at a Chase Bank in Cicero later found cash had been withdrawn from their accounts from ATMs in New York City, totaling about $40,000. A skimmer was found in the card slot of the machine.


Four Peaks Financial Services
Scottsdale, AZ
Date: May 30, 2009
Records Taken: Unknown

Type of breach: Exposure of data on Internet

Four Peaks is accused of exposing its customers' sensitive personal information, including name and credit card numbers, on its website. The state's enforcement action charges Four Peaks with violating the Texas Identity Theft Enforcement and Protection Act, which carries penalties that range between $2,000 and $50,000 per violation of the act. Four Peaks is a debt reduction/settlement company.

 


JUNE

Charles Schwab Corp.,
San Francisco, CA
Date: June 12, 2009
Records Taken: Unknown

Type of breach: Stolen or missing hardware

Investment firm Charles Schwab notified the New Hampshire Attorney General's Office that in early May a computer hard drive containing client personal information, including Social Security number, name or account number, was stolen. The hard drive had been taken off of company premises, in violation of company policy, and was subsequently stolen.


Beneficial,
South Bend, IN
Date: June 20, 2009
Records Taken: 80 loan application files

Type of breach: Missing paper documents

The Indiana attorney general's office investigated how at least 80 files of personal loan-application information ended up in a dumpster behind a shopping center in South Bend. In the files were loan applications, complete with names, Social Security numbers and bank account numbers. Also included in the records were tax returns, copies of checks, credit reports, good-faith estimates, signed disclosure notices, and certificates of survey.



JULY

American Express,
Phoenix, AZ
Date: July 7, 2009
Records Taken: Thousands of card numbers

Type of breach: Insider theft

Two Phoenix men are accused of stealing thousands of American Express card numbers and swindling more than $1 million dollars from customers. Police discovered during their investigation that a former employee had not only worked as a computer database analyst for American Express, he was one of the few who could have possibly downloaded all of their account holders information, including the PIN numbers used to access money from ATM machines at the different banks, according to court records.


Wachovia Bank,
Williamsburg, VA
Date: July 15, 2009

Records Taken: Unknown
Type of breach: Insider theft

A Hampton, VA woman was charged of using her Wachovia bank teller position to access customer information and open fraudulent credit card accounts in their names for a commission.


American Express,
Canfield, OH
Date: July 23, 2009
Records Taken: 300 American Express account numbers

Type of breach: Insider theft

A former American Express employee and four other alleged accomplices were arraigned for theft of 300 American Express account numbers. The alleged ring leader of the group is Melissa Zingarelli, 36, a former employee of American Express.

 


AUGUST
Morrison Financial Corp,
Wichita, KS
Date: August 4, 2009
Records Taken: Unknown

Type of breach: Missing paper documents

Client records from a defunct Wichita mortgage-brokerage firm were found in the dumpster outside the Holiday Inn in Wichita. Some of the information contained in the boxes of documents found at the Holiday Inn included Social Security numbers, bank account numbers and photocopies of drivers' licenses and checks.


Wachovia Bank,
Atlanta, GA
Date: August 7, 2009
Records Taken: Unknown

Type of breach: Insider theft

Three metro Atlanta residents were indicted on bank fraud conspiracy and identity theft charges for allegedly stealing Wachovia Bank account numbers and taking thousands of dollars from the accounts. One of the defendants worked in a department and had access to customer account information, including account numbers, signature cards, related accounts, and personal identifying information of the account holders.


Citigroup,
Boston, MA
Date: August 10, 2009
Records Taken: Unknown

Type of breach: Unknown

Bank of America Corp. and Citigroup Inc. have issued new credit and debit cards to Massachusetts customers after running into data-safety concerns. Charlotte-based BofA and Citigroup each recently issued replacement cards to consumers, telling them in letters that their account numbers may have been compromised by an undisclosed third-party.


Bank of America,
Boston, MA
Date: August 10, 2009
Records Taken: Unknown

Type of breach: Unknown

Bank of America Corp. and Citigroup Inc. have issued new credit and debit cards to Massachusetts customers after running into data-safety concerns. Charlotte-based BofA and Citigroup each recently issued replacement cards to consumers, telling them in letters that their account numbers may have been compromised by an undisclosed third-party.


Wells Fargo Bank,
Sacramento, CA
Date: August 14, 2009

Records Taken: Unknown
Type of breach: Insider theft

A Wells Fargo Bank employee working inside a bank call center was arrested on August 14, using customer account access to pay her own debts, says the U.S. Attorney's office. Ronita Prasad, of Antelope, CA, opened credit card accounts and ATM cards between December 2008 and July 2009. She gained access to customer accounts through a protected system without authorization.


Unknown Denver Realtor,
Denver, CO
Date August 14, 2009
Records Taken: Hundreds of loan documents

Type of breach: Missing paper documents

The Colorado Division of real estate removed hundreds of loan documents that included house appraisals, social security numbers, addresses, phone numbers, even copies of checks from a dumpster at a Denver shopping center. The state regulator says an investigation is underway and may lead to censure or suspension of the realtor or appraiser's state license.


Sun Valley Mortgage

Weber County, UT
Date: August 18, 2009
Records Taken: 600 account numbers and SSNs
Type of breach: Stolen or missing hardware

The Weber County Sheriff's office is investigating a missing laptop from a Sun Valley Mortgage loan officer. Officers say the loan officer accidentally left his computer on a sidewalk instead of putting it in his car. On the laptop were the names, social security numbers and account numbers of 600 clients of the mortgage company.

 


SEPTEMBER

Jonathan Boxman
Staten Island, NY
Date: September 6, 2009
Records taken: Hundreds of credit reports
Type of breach: Missing paper documents

A former title-insurance agent who was arrested in July on charges he allegedly stole money from clients is also accused of dumping boxes of client files. Hundreds of Jonathan Boxman's clients' files were found behind the office building. Some files contained personal identifiable information, including Social Security numbers, copies of driver's licenses, original deeds and mortgage papers.

 

Capitol One Bank
Minneapolis, MN
Date: September 6, 2009
Records taken: Unknown number of bank customer accounts
Type of breach: Exposure of data on Web

Prosecutors in Minneapolis say between July 2008 and April 2009 a crime ring purchased the personal information of Capitol One Bank customers from an online source in the Ukraine, who illegally profited from the sale. It says the group then used the information to create counterfeit credit card accounts, withdrawing more than $652,205.49 from more than 170 ATMs throughout the Twin Cities. Eleven people have been charged in the counterfeit credit card scheme, eight of them are in custody.



7 Mortgage companies
San Francisco. CA
Date: August 1, 2009
Records taken: Hundreds of personal records
Type of breach: Missing paper documents

The San Mateo County Sheriff's department reports that it found hundreds of papers in a dumpster on August 1, including mortgage, titles and other personal information generated between Jan. 1 and July 1, 2006. Among the mortgage, lending and title companies listed on the paper work are Alliance Title; American Prime Funding; Funding Suite; Financial Title Company; Ticor Title Company; Orange Coast Title Company; and Bella Homes and estates.

 


OCTOBER

M & T Bank
Rodgers Forge, MD
Date: October 8
Records Taken: 52 documents
Type of breach: Missing paper documents

A local branch of M & T Bank in Rodgers Forge, MD was found to have tossed 52 personal identifiable information records into a dumpster last week.

 

PayChoice,
Moorestown, NJ
Date: October 15
Records Taken: Unknown
Type of breach: Outside Network Intrusion

PayChoice, a New Jersey-based payroll processor alerted its online customers on October 15 that its network had been breached for a second time in less than a month. The payroll processing company warned its customers by email about the new breach after some clients reported "phantom" employees showing up on their payrolls.

 

FirstMerit Bank,
Streetsboro, Westlake, Elyria, OH
Date: October 7-8
Records Taken: Unknown
Type of breach: Missing paper documents

Police are investigating the theft of three large storage bins from three FirstMerit Bank branches in Ohio. The storage bins were used to store paper waiting to be shredded.

One of the three bins contained personal documents of bank customers, says FirstMerit spokesman Rob Townsend.

 

Bank of New York Mellon
New York, NY
Date: October 30, 2009
Records Taken: 150 employee identities
Type of breach: Insider Theft

A computer technician is alleged to have used the identities of 150 Bank of New York Mellon (https://www.bankinfosecurity.com/articles.php?art_id=1895) employees to steal $1.1 million over an 8-year period, from 2001 to April 30, 2009. Adeniyi Adeyemi, a Brooklyn man, was indicted in New York Supreme Court with grand larceny and identity theft. He worked in the bank's Information Technology Department during that time period. He is alleged to have used the employees' identities to open more than 30 bank and brokerage accounts with several financial institutions in order to move large amounts of money overseas.

 


NOVEMBER

Washington Mutual
Atlanta, GA
Date: November 9
Records Taken: Unknown
Type of Breach: Skimming


Two Romanian men pleaded guilty to "skimming" nearly $200,000 from Atlanta-area Washington Mutual ATMs in early November. From fall 2007 to July 2008, the men are accused of attaching equipment to ATMs that would automatically record a bank customer's debit card number. Court authorities say the men, along with co-conspirators installed cameras above the ATM keyboards to record as the customer typed in the card's personal identification number or password.


Obsidian Financial Group
Woodbury, NY
Date: November 10
Records Taken: Unknown
Type of Breach: Missing paper documents


A former Obsidian employee broke into the Woodbury, NY financial services company, photocopied customers' Social Security numbers and bank reference numbers, and took the photocopied data with him when he left, say Nassau County police. Christopher Pemberton, 31, was arrested and charged with burglary. He had worked at Obsidian for six days in October, then used the front door key code to enter and make the copies.


HSBC-North America
Mettawa, IL
Date: November 20
Records Taken: Unknown
Type of Breach: Exposure of data on Web

On July 9, 2009, Household Finance Corp. learned that PII had been viewable by certain computer users. The bank says it tried to obscure information in Chapter 13 bankruptcy proof-of-claim forms, but that the information was still visible because of a "deficiency in the software used to save imaged documents."  The issue involved forms filed between May 2007 and mid October 2008.


Flagstar Bank
Grand Rapids, MI
Date: November 25
Records Taken: Unknown
Type of Breach: Stolen or missing hardware

A laptop owned by a bank vendor of Flagstar Bank was stolen, and inside the computer were some customers' social security numbers. The missing laptop may have caused a security breach at Flagstar Bank in Grand Rapids, MI, according to a letter the bank sent to some of its customers on Nov. 25. The bank's letter tells customers that a laptop owned by an unidentified bank vendor was stolen and held an undisclosed number of customer social security numbers. The vendor is a company that helps Flagstar with services the bank provides, the bank says.



DECEMBER

Textron Financial
Providence, RI
Date: December 1
Records Taken: 54
Type of Breach: Stolen or missing hardware

Textron Financial notified the New Hampshire Attorney General's Office on Dec. 1 that an external hard drive lost in mid-October contained personal information on 54 former and current employees, as well as customers. According to a letter sent to affected clients on Dec. 3, names, addresses, Social Security numbers and account numbers relating to the purchase of time-share intervals or loan applications placed with Textron Financial were on the drive.


Lone Star National Bank
McAllen, TX
Date: December 17
Records Taken: Unknown
Type of Breach: Insider Threat


A former vice president and senior loan officer of Lone Star National Bank was convicted of bank fraud on Dec. 17. Emma Vigil, 48, of McAllen, pleaded guilty to two counts of bank fraud. Vigil admitted to using her position at Lone Star to conduct $600,000 in fraudulent and unauthorized debit transactions from her loan clients' bank accounts over a two-year-period beginning in 2007. Vigil carried out the debit transactions in various ways and frequently targeted clients with high balance and high activity accounts to conceal her scheme.


Bank of America
Oakland, CA
Date: December 21
Records Taken: Unknown
Type of Breach: Insider Threat

Alonzo Lamar Holloway, 44, of Oakland, CA was sentenced to 11 years in federal prison on Dec. 21 for bank fraud, wire fraud, aggravated identity theft, and with conspiracy to commit bank and wire fraud and identity theft. Holloway, one of 16 defendants from Oakland, was identified as the ringleader. All were charged in a long-running investigation conducted by the U.S. Secret Service and the U.S. Attorney's Office. Holloway, along with an insider at the Bank of America, stole customer account and social security numbers and sold the data. Cash withdrawals from across the U.S. between 2007 and 2009 racked up almost $700,000 in fraud.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network