Bank of America notifying 60,000 customers about stolen data

Computerworld - Bank of America Corp. officials today confirmed that information on about 60,000 customers has been stolen by a New Jersey data-theft ring, thought to be at the center of the largest U.S. banking security breach in history.
Just last week, Bank of America had estimated that only 75 customers had been targeted by the ring.
The Charlotte, N.C.-based bank is now contacting customers whose information was found in the theft ring's database and will help them ensure the future safety of their personal information, said Alexandra Liftman, a spokeswoman for Bank of America.
The accounts are among some 676,000 from which data was stolen by the theft ring during the past four years, according to police in Hackensack, N.J., who have been investigating the crime (see story).
"There's no evidence to indicate that our customer information has been used for account fraud or identity theft," Liftman said. Customers are being told they won't be responsible for unauthorized charges and are being offered a free one-year subscription to a credit monitoring service, she said.
Customers data at four banks -- Bank of America, Wachovia Corp., Commerce Bancorp Inc. and PNC Bank NA -- were targeted by the crime ring, police have said. Since news of the data theft emerged, bank officials have been tight-lipped about what steps that are taking to make sure such breaches don't recur.
Fran Durst, a spokeswoman for Charlotte, N.C.-based Wachovia, said she couldn't comment "for obvious reasons" on security changes or enhancements being made by the bank to prevent further data-theft incidents.
In a related development, Hackensack police Det. Capt. Frank Lomia today announced the arrest of another suspect in the case, bringing the number of people charged in the case to 10. Eight of the suspects are former bank employees who allegedly provided customer information to build the crime ring's database.
The latest suspect is Maria Zaino, 32, of Lyndhurst, N.J., who worked as a branch manager for Cherry Hill, N.J.-based Commerce Bancorp.
Lomia said the affected customers have all been New Jersey residents, but some moved to other states during the time the crime ring was in operation. Affected customers now live in Florida, Georgia, North Carolina, South Carolina, Maryland and Pennsylvania, he said.
Last month, police estimated that a half-million customer accounts had been breached by the crime ring (see story). But by the end of last week, as police continued their probe, that number rose to 676,000 accounts.
According to police, the former bank workers wrote out customer account information or usedcomputer screen captures to record the data. None of the employees were IT workers, police said.
The suspects are accused of manually building a database of the names and Social Security numbers of bank customers and then selling the information to more than 40 collection agencies and law firms.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Knowledge Center.