Computerworld -
In a replay of similar incidents over the past three years, Wells Fargo & Co. this week began again to notify people about the potential compromise of their personal information.
This time, the letters are going to an undisclosed number of employees whose personal information was contained in a computer and a hard disk stolen from the trunk of a locked vehicle belonging to an employee of an auditing firm retained by Wells Fargo.
Julia Tunis, a bank spokeswoman, did not say when the equipment was stolen. But she said the bank had started sending out letters to all the affected employees yesterday.
The compromised information included names, Social Security numbers and in some cases information relating to prescription drug and health insurance claims made in 2005. The drug information included only the cost of the drugs and the dates of purchase, while the health care information only included details such as provider names and dates of service, Tunis said.
The auditing company had been hired by Wells Fargo to review the company's health plan information as required by Internal Revenue Service regulations, the spokeswoman said.
"We require all vendors and service providers to take strict measures and follow specific guidelines" for protecting sensitive data, Tunnis said. "In this case, they did not adhere to the specified policies."
As a result, the auditing firm is no longer working for Wells Fargo, Tunis said. She added that so far there is no indication that the compromised data has been misused.
The incident marks the fifth time in less than three years that the San Francisco-based banking company has suffered similar compromises.
In May, a computer belonging to Well Fargo's mortgage group was reported missing while being between transported between Wells Fargo facilities by a global express shipping company. That incident prompted the company to send out letters to an unspecified number of its customers informing them about the potential compromise of their personal data.
The company also suffered breaches in November 2003 and November 2004, when computers and other equipment containing personal data on thousands of Wells Fargo customers were stolen in separate incidents from the offices of third parties working for it.
In February 2004, sensitive data on more than 35,000 Wells Fargo customers was compromised when a laptop containing the information was stolen from an employee's car at a gas station.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
