Scope of bank data theft grows to 676,000 customers

Computerworld - What is thought to be the largest U.S. banking security breach in history has gotten even bigger.
The number of bank accounts accessed illegally by a New Jersey cybercrime ring has grown to 676,000, according to police investigators. That's up from the initial estimate of 500,000 accounts police said last month had been breached.
Hackensack, N.J., police Det. Capt. Frank Lomia said today that an additional 176,000 accounts were found by investigators who have been probing the ring for several months. All 676,000 consumer accounts involve New Jersey residents who were clients at four different banks, he said.
Even before the latest account tally was made public, the U.S. Department of the Treasury labeled the incident the largest breach of banking security in the U.S. to date (see story).
The case has already led to criminal charges against nine people, including seven former employees of the four banks. The crime ring apparently accessed the data illegally through the former bank workers. None of those employees were IT workers, police said.
Lomia today said that the suspects manually built a database of the 676,000 accounts using names and Social Security numbers obtained by the bank employees while they were at work. The information was then allegedly sold to more than 40 collection agencies and law firms, police said.
The suspects pulled up the account data while working inside their banks, then printed out screen captures of the information or wrote it out by hand, Lomia said. The data was then provided to a company called DRL Associates Inc., which had been set up as a front for the operation. DRL advertised itself as a deadbeat-locator service and as a collection agency, but was not properly licensed for those activities by the state, police said.
A Hackensack man, Orazio Lembo, 35, has been charged with one count of racketeering and eight counts of disclosing data from a database for his alleged role in the crime ring. Police said that Lembo used his home as an office for DRL Associates and that he hired the upper level bank employees to access data, including names, account numbers and balances, from the banks.
The bank employees worked for Wachovia Corp., Bank of America Corp., Commerce Bancorp Inc. and PNC Bank NA. One of the other suspects is a former manager of the New Jersey Department of Labor.
According to Lomia, investigators learned that the bank employees normally conducted 40 to 50 searches of customer bank accounts as a daily part of their jobs. While the