Scope of bank data theft grows to 676,000 customers
Bank employees used computer screen captures to snag customer data
Computerworld - What is thought to be the largest U.S. banking security breach in history has gotten even bigger.
The number of bank accounts accessed illegally by a New Jersey cybercrime ring has grown to 676,000, according to police investigators. That's up from the initial estimate of 500,000 accounts police said last month had been breached.
Hackensack, N.J., police Det. Capt. Frank Lomia said today that an additional 176,000 accounts were found by investigators who have been probing the ring for several months. All 676,000 consumer accounts involve New Jersey residents who were clients at four different banks, he said.
Even before the latest account tally was made public, the U.S. Department of the Treasury labeled the incident the largest breach of banking security in the U.S. to date (see story).
The case has already led to criminal charges against nine people, including seven former employees of the four banks. The crime ring apparently accessed the data illegally through the former bank workers. None of those employees were IT workers, police said.
Lomia today said that the suspects manually built a database of the 676,000 accounts using names and Social Security numbers obtained by the bank employees while they were at work. The information was then allegedly sold to more than 40 collection agencies and law firms, police said.
The suspects pulled up the account data while working inside their banks, then printed out screen captures of the information or wrote it out by hand, Lomia said. The data was then provided to a company called DRL Associates Inc., which had been set up as a front for the operation. DRL advertised itself as a deadbeat-locator service and as a collection agency, but was not properly licensed for those activities by the state, police said.
A Hackensack man, Orazio Lembo, 35, has been charged with one count of racketeering and eight counts of disclosing data from a database for his alleged role in the crime ring. Police said that Lembo used his home as an office for DRL Associates and that he hired the upper level bank employees to access data, including names, account numbers and balances, from the banks.
The bank employees worked for Wachovia Corp., Bank of America Corp., Commerce Bancorp Inc. and PNC Bank NA. One of the other suspects is a former manager of the New Jersey Department of Labor.
According to Lomia, investigators learned that the bank employees normally conducted 40 to 50 searches of customer bank accounts as a daily part of their jobs. While the ring was in operation, however, they performed up to
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Cybercrime and Hacking White Papers | Webcasts