Computerworld - This version of the story originally appeared in Computerworld's print edition.
A former employee accused of stealing customer data from Countrywide Financial Corp. may have been able to download the information to a thumb drive because of an oversight by the home mortgage lender's IT department.Rene Rebollo, a former financial analyst at Countrywide, was arrested Aug. 1 in Pasadena, Calif., for allegedly stealing and selling the data, which included names, Social Security numbers and contact information.
According to affidavits filed in U.S. District Court in Los Angeles, Rebollo told FBI agents that most of the computers in the office where he worked had a security feature that prevented the use of thumb drives -- but he had found one system that didn't.
He estimated that he downloaded about 20,000 customer profiles weekly over two years, according to the affidavits.
Bank of America Corp., which acquired Countrywide last month, didn't respond to multiple requests for comment about the data thefts and the lender's IT security practices.
Pat Clawson, chairman and CEO of Lumension Security Inc., said companies should scan all network devices to ensure that security controls are in place.
Some organizations have taken far more Draconian steps, he noted, citing federal agencies that filled USB ports with glue to keep them from being used.
Gohring writes for the IDG News Service.
Got something to add? Let us know in the article comments.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
