Home
News
E-mail Newsletters
Blogs
Tech Dispenser
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Print Subscriptions

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Scope of bank data theft grows to 676,000 customers

Bank employees used computer screen captures to snag customer data
Todd Weiss   Today’s Top Stories    or  Other Cybercrime and Hacking Stories  
 

Sign up to receive Security Resource Alerts

May 20, 2005 (Computerworld) -- What is thought to be the largest U.S. banking security breach in history has gotten even bigger.
The number of bank accounts accessed illegally by a New Jersey cybercrime ring has grown to 676,000, according to police investigators. That's up from the initial estimate of 500,000 accounts police said last month had been breached.
Hackensack, N.J., police Det. Capt. Frank Lomia said today that an additional 176,000 accounts were found by investigators who have been probing the ring for several months. All 676,000 consumer accounts involve New Jersey residents who were clients at four different banks, he said.
Even before the latest account tally was made public, the U.S. Department of the Treasury labeled the incident the largest breach of banking security in the U.S. to date (see story).
The case has already led to criminal charges against nine people, including seven former employees of the four banks. The crime ring apparently accessed the data illegally through the former bank workers. None of those employees were IT workers, police said.
Lomia today said that the suspects manually built a database of the 676,000 accounts using names and Social Security numbers obtained by the bank employees while they were at work. The information was then allegedly sold to more than 40 collection agencies and law firms, police said.
The suspects pulled up the account data while working inside their banks, then printed out screen captures of the information or wrote it out by hand, Lomia said. The data was then provided to a company called DRL Associates Inc., which had been set up as a front for the operation. DRL advertised itself as a deadbeat-locator service and as a collection agency, but was not properly licensed for those activities by the state, police said.
A Hackensack man, Orazio Lembo, 35, has been charged with one count of racketeering and eight counts of disclosing data from a database for his alleged role in the crime ring. Police said that Lembo used his home as an office for DRL Associates and that he hired the upper level bank employees to access data, including names, account numbers and balances, from the banks.
The bank employees worked for Wachovia Corp., Bank of America Corp., Commerce Bancorp Inc. and PNC Bank NA. One of the other suspects is a former manager of the New Jersey Department of Labor.
According to Lomia, investigators learned that the bank employees normally conducted 40 to 50 searches of customer bank accounts as a daily part of their jobs. While the ring was in operation, however, they performed up to 500 account searches a day, looking for new data to steal.
Lembo, who police said was the kingpin of the operation, saved electronic records of all his transactions, including payments he made to the former bank employees for their help, Lomia said.
"In law enforcement, computers are our best friends," he said. "They leave a [data] trail. Now it's all in one neat place and it gives the forensic computer specialists so much information. This guy was real good at saving everything, and we appreciate that."
Fran Durst, a spokeswoman for Charlotte, N.C.-based Wachovia Corp., today declined to comment on security changes made at the bank since the ring was uncovered. "We have no comment on security procedures, for obvious reasons," she said.
Several federal agencies are now involved in the probe, including the Treasury Department and the Internal Revenue Service, according to Lomia.
The next phase of the investigation is targeting the law firms and collection agencies that bought the information from the crime ring.
The police originally announced the arrests of the nine suspects on April 28 and charged them with illegally selling personal identification information stolen from bank and New Jersey state computer databases.
In addition to Lembo, the other suspects are:

  • Orlando Rivera, 42, of New Milford, N.J., a former manager at the New Jersey Department of Labor.

  • Kelvin Diaz, 27, of Hackensack, a former Bank of America employee.

  • Zoran Levajac, 35, of Totowa, N.J., a former Commerce Bank manager and former PNC Bank manager.

  • Myron Frierson, 29, of Teaneck, N.J., a former financial specialist for Wachovia Bank.

  • Maurice Williams II, 28, of Hackensack, a former financial specialist for First Union Bank, which later became Wachovia Bank.

  • Kathleen Lovelace, 35, of Kearny, N.J., a former assistant manager at Commerce Bank and former employee of PNC Bank.

  • James DiGangi, 27, of Elmwood Park., N.J., a former employee of Commerce Bank and PNC Bank.

  • Anthony Diamanti, 29, of Clifton, N.J., a former employee of Commerce Bank and of PNC Bank.



Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story

Blogs

"A video is making the rounds showing how Vista SP1 has significantly improved Vista's immensely annoying User Account Control (UAC)...." Read more...
"So are you getting excited about a nice, long weekend for Memorial Day? Well, before you start cooking hot dogs..." Read more...
Read more Security posts or See all Blogs

Mozilla launches Firefox 3.0 RC1 early
Microsoft: Don't misunderstand UAC, other Vista features
HP confirms XP SP3 endless reboot snafu, promises patch
More top stories...
Microsoft pulls Windows Home Server backup feature
Yahoo tells Icahn that its own board knows best
Tools circulate that crack Debian, Ubuntu keys

Shuttle Columbia's hard drive data recovered from crash site
Specialists have retrieved about 99% of the data on a disk drive on board the crashed space shuttle Columbia. Don't miss the photographs of the recovered drive.
The top 15 vaporware products of all time
These big ideas were supposed to revolutionize technology, but they never actually appeared. In a few cases, you'll be glad they didn't.
Opinion: Malware vs. anti-malware, 20 years into the fray
Nearly 20 years after the first Internet worm, Steven J. Vaughan-Nichols takes stock of the malware/anti-malware landscape and spotlights how the two sides are approaching the battle.
Leopard at six months: Does it live up to the early hype?
Though some thought it was released too soon, Mac OS X 10.5 has matured into a solid operating system, says reviewer Michael DeAgonia.

FROM THE BLOGOSPHERE

Windows Vista A to Z
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
IT Careers 2010
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Enterprise-Class Security Zone
Enterprise Solutions Zone
The File Data Management Zone
Grid Computing on Windows Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Storage Virtualization Zone
The Data Center Management Zone


Ads by TechWords

See your link here
Why SaaS is Vital to Email and Web Security
Why SaaS is Vital to Email and Web Security
Download this webcast, free, compilments of Webroot Software
Go to the webcast 
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
(Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more.
Download this executive briefing download
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Securing Financial Services Beyond the Perimeter
Intercept Spam & Viruses With MessageLabs
Meeting PCI Compliance with SonicWALL Global Management System
View more whitepapers 
2008 Internet Security Trends Report
Get this report now!
(Source: Ironport) For a time, security controls designed to manage spam, viruses, and malware were working. Loud, high-impact attacks abated. But, as a result of this success, the threats they protected against were forced to change. In 2007, many of these threats underwent significant adaptation. Malware went stealth, and the sophistication increased.
Download this white paper go
Layered Security Solutions
Although basic network security issues have changed very little over the past decade, the network security landscape has changed dramatically. Today's IT professionals still have the primary responsibility of protecting the confidentiality of corporate information, preventing unauthorized access, and defending the network against attacks. Security experts and analysts agree that a security solution comprised of multiple layers is the best defense against today's increasingly sophisticated attacks.

Download this white paper 
Universal Threat Management - Because Conventional UTM is Not Enough!
This white paper, written by Mark Bouchard of Missing Link Security Services, examines the challenges confronting today's enterprises with respect to managing threats on a network. It also discusses the need for "Universal Threat Management", which is a security solution approach for all physical locations within an enterprise that require threat protection.

Download this white paper 
Selecting the Right Threat Management Solution
This short demo will guide you through key considerations for selecting a solution to manage threats on a network. Learn about the popularity of Unified Threat Management (UTM), and how it fits into an overall security solution. Explore critical elements of a network-wide solution for multisite and large network-size deployments and identify the four key features of a threat management solution.

View this demo 

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.