IT security oversight may have enabled data breach

By Nancy Gohring

August 11, 2008 12:00 PM ET

Comments

(2)

Top Stories

Computerworld - This version of the story originally appeared in Computerworld's print edition.

A former employee accused of stealing customer data from Countrywide Financial Corp. may have been able to download the information to a thumb drive because of an oversight by the home mortgage lender's IT department.

Rene Rebollo, a former financial analyst at Countrywide, was arrested Aug. 1 in Pasadena, Calif., for allegedly stealing and selling the data, which included names, Social Security numbers and contact information.

According to affidavits filed in U.S. District Court in Los Angeles, Rebollo told FBI agents that most of the computers in the office where he worked had a security feature that prevented the use of thumb drives -- but he had found one system that didn't.

He estimated that he downloaded about 20,000 customer profiles weekly over two years, according to the affidavits.

Bank of America Corp., which acquired Countrywide last month, didn't respond to multiple requests for comment about the data thefts and the lender's IT security practices.

Pat Clawson, chairman and CEO of Lumension Security Inc., said companies should scan all network devices to ensure that security controls are in place.

Some organizations have taken far more Draconian steps, he noted, citing federal agencies that filled USB ports with glue to keep them from being used.

Gohring writes for the IDG News Service.

Got something to add? Let us know in the article comments.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Countrywide

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.