Wells Fargo Reveals Data Breach

Thousands of Consumer Records Compromised by Data Theft from Vendor
Wells Fargo Reveals Data Breach
A Wells Fargo bank access code was used to steal the personal information of roughly 5,000 consumers, leading the bank to conduct a full-scale inquiry into the data breach.

Wells Fargo says it was notified on July 1 by MicroBilt, an online consumer and commercial credit bureau information provider, that someone had used a Wells Fargo access code to obtain data on 7,000 consumers from its computers. MicroBilt, located in Kennesaw, GA, says that because of the ongoing law enforcement investigation, they are unable to comment about any details of the case. According to Mary Berg, a Wells Fargo spokesperson, Wells Fargo immediately launched a full-scale investigation into how the information was breached and notified the US Secret Service about the data theft.

MicroBilt provides consumer information to Wells Fargo and other banks and businesses, and interfaces with the three consumer credit bureaus: Equifax, Experian and Trans Union. The data breached was for the time period between May and June 2008, says Berg. The two companies (Wells Fargo and MicroBilt) say that business between the two companies has been suspended by mutual agreement.

Berg would not comment on the investigation, but notes Wells Fargo's information security is looking into the loan application area of the bank. "So far, we do not know how this person or persons gained access to the codes. They may have gotten hold of an employee's access credentials," Berg says.

MicroBilt's spokesperson says that law enforcement investigation is looking both internally and externally for how the data was taken. Berg didn't want to comment on what led MicroBilt to become suspicious about the data accessed.

After the breach was discovered, Berg said MicroBilt sent a list of about 7,000 names that had information taken in the data theft. "We whittled that list down after taking out duplicate names and now have about 5,000 names." Wells Fargo decided despite the ongoing law enforcement investigation to go ahead and notify all of the affected consumers, even though there are only a few of them that are Wells Fargo customers. Berg wasn't able to give exact numbers because of the investigation. Each victim will receive one year of identity theft protection service, and Berg says Wells Fargo took this step -- even though many aren't Wells Fargo customers -- because it is the company's responsibility to protect them. "We're doing what we can to alert them so they can protect their accounts," Berg says.

This is the second data breach at a financial services company revealed in August. On August 1, two men were arrested by the FBI in Los Angeles on charges of downloading and selling the identities of mortgage lender Countrywide loan applicants. (SEE RELATED STORY: Identity Theft: Lender Countrywide's Insider Case).

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.