Who Breached: Countrywide Financial Corporation
Number Affected: 2,000,000
Information breached: Social Security Numbers
How: Insider theft

It’s not very often we hear about intentional insider breaches of information, particularly on this scale. The FBI arrested a former Countrywide Financial Corporation employee and another man in connection with the alleged theft and sale of the information of as many as 2 million mortgage applicants. The personal information of the mortgage applicants included Social Security Numbers.

The breach occurred over a two-year period until it was discovered this July. The insider arrested worked as a senior financial analyst at the lending division of Countrywide, Full Spectrum Lending. The second man arrested is the alleged reseller of the stolen data.

US Attorney spokesman Thom Mrozek says most, or all, of the names were being sold to people within the mortgage industry in order to make new pitches. The insider, who volunteered details to the FBI, would sell batches of about 20,000 customers as “leads” to outside loan agents at approximately 2.5 cents per name, a very low amount on the black market. It is unknown if any of the information was used for fraud or identity theft.

“It’s the potential for new-account fraud that arises when Social Security accounts are compromised,” said Beth Givens, director of the nonprofit Privacy Rights Clearinghouse. “That’s the most serious kind of financial identity theft,” because large amounts can be involved and the fraud is more difficult to detect than it is on preexisting accounts.

“This guy obviously didn’t do his homework. He doesn’t know the value of these on the black market,” she said.

The theft was perpetrated via an unsecured external hard drive. The insider was able to use one computer in the Spectrum Lending office that he knew to be insecure: it was missing the security feature that disabled the use of external drives. There was no process of detection in place that would prevent this unsecured computer from accessing network data, nor any procedure in place to prevent unauthorized copying of data.

To learn from this breach:

  1. Audit user access to data, to ensure users have only necessary access to data
  2. Monitor data access – what is accessed and by whom
  3. Restrict copying of data
  4. Add real-time detection – be able to detect unauthorized attempts to access data, insecure computer connections, and unusual user activity
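
As an illustration of points 2 and 4, the sketch below scans a data-access log for the two conditions described in this breach: reads from a computer that lacks the external-drive block, and unusually large daily record counts for one user. It is an added example, not code from Countrywide or from the sources cited; the log format, host names, user names, inventory set and threshold are all assumptions, and the sample log is constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data-access log (not real breach data): one row per query.
SAMPLE_LOG = """\
timestamp,user,host,records_read
2024-03-04T09:14:00,analyst_a,WS-0141,35
2024-03-04T10:02:00,analyst_b,WS-0207,120
2024-03-10T21:40:00,analyst_a,WS-0399,9800
2024-03-10T22:05:00,analyst_a,WS-0399,10200
2024-03-11T11:30:00,analyst_c,WS-0399,15
"""

# Hypothetical endpoint inventory: hosts confirmed to enforce the
# control that disables external drives.
DRIVE_BLOCK_ENFORCED = {"WS-0141", "WS-0207"}

# Assumed per-user daily baseline; tune to the role's normal workload.
DAILY_RECORD_LIMIT = 1000


def find_alerts(log_text, compliant_hosts=DRIVE_BLOCK_ENFORCED,
                daily_limit=DAILY_RECORD_LIMIT):
    """Return a sorted list of (rule, user, host_or_day, records) alerts."""
    per_user_day = defaultdict(int)   # (user, day) -> records read
    unmanaged = defaultdict(int)      # (user, host) -> records read
    for row in csv.DictReader(io.StringIO(log_text)):
        count = int(row["records_read"])
        day = row["timestamp"][:10]
        per_user_day[(row["user"], day)] += count
        # Any read of customer data from a host outside the compliant
        # inventory is reported, however small.
        if row["host"] not in compliant_hosts:
            unmanaged[(row["user"], row["host"])] += count
    alerts = [("UNMANAGED_HOST", user, host, n)
              for (user, host), n in unmanaged.items()]
    alerts += [("BULK_READ", user, day, n)
               for (user, day), n in per_user_day.items() if n > daily_limit]
    return sorted(alerts)


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

In the constructed log, the 20,000-record pull from the non-compliant workstation triggers both rules, while the small read by another user on the same machine still surfaces the insecure host itself.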

Via LA Times, Computer World
