Data theft involving four banks could affect 500,000 customers

Computerworld - Electronic account records for some 500,000 banking customers at four different banks were allegedly stolen and sold to collection agencies in a data-theft case that has so far led to criminal charges against nine people, including seven former bank employees (see follow-up story).
Police in Hackensack, N.J., are continuing their investigation into the theft by a crime ring that apparently accessed the data illegally through the former bank employees.
According to the U.S. Department of the Treasury, the crime is believed to be the largest breach of banking security in the U.S., local police said.
Hackensack police Det. Capt. Frank Lomia said the investigation into the crime ring is moving into a new phase.
"This thing's getting bigger and bigger," Lomia said. "It's still growing. The banks are uncovering more accounts than we knew about."
The police announced the arrests of the nine suspects on April 28 and charged them with illegally selling personal identification information stolen from bank and New Jersey state computer databases.
The police investigation alleges that a company called DRL Associates Inc. was set up to find individuals and as a collection agency, but was not properly licensed for those activities by the state.
A Hackensack man, Orazio Lembo, 35, has been charged with one count of racketeering and eight counts of disclosing data from a database for his role in the crime ring. Police allege that Lembo used his home as an office for DRL Associates and that he had hired several upper level bank employees to access data, including names, account numbers and balances, from the banks.
The bank employees worked for Wachovia Corp., Bank of America Corp., Commerce Bancorp Inc. and PNC Bank NA. One of the other suspects is a former manager of the New Jersey Department of Labor.
According to police, after the information was accessed, Lembo and the company then sold it to more than 40 collection agencies, law firms and others. Police are now looking into the law firms and collection agencies that allegedly did business with DRL.
Banking officials at Wachovia are notifying about 14,000 customers of the possible identify thefts concerns, according to a spokeswoman.
Alexandra Liftman, a spokeswoman for Bank of America, said the bank hasn't revealed the number of customers who may have been affected by the theft. Liftman would only say that the bank has communicated so far with 75 customers whose records were known to be accessed by the crime ring.
No suspicious or unlawful activity or fraud has been reported involving those