Rebollo would then sell these "leads" to another man,Wahid Siddiqi, for $500 per batch. The FBI says that Mr. Rebollo admitted that he profited approximately $50,000 to $70,000 from selling the data, which included the Social Security numbers of as many as 2 million mortgage applicants.
The LA Times says:
Rebollo would copy information on about 20,000 customers at a time on Sunday nights by using a [Countrywide] computer that did not have the same security features that other machines in the office had, according to the affidavit by FBI Special Agent Richard P. Ryan.
At that rate, the U.S. attorney's office said, Rebollo would have compromised up to 2 million customer profiles for about 2.5 cents each -- an astonishingly small amount considering the importance of the material. Mortgage leads are among the most expensive for sale because of the potential payoffs to intermediaries when loans are made.
To top it off, not only was this guy selling his customers SSNs, he wasn't even very good at it, said Beth Givens, director of the Privacy Rights Clearinghouse:
"This guy obviously didn't do his homework. He doesn't know the value of these on the black market," she said.
Countrywide insider stole mortgage applicants' data, FBI says [LA Times](Thanks, Alison!)
(Photo: So Cal Metro )
As one of the recipients of the "Dear ---, We are so sorry your personal information was stolen by our employee...." from Countrywide here is what you get "two years of credit monitoring" Whooopiiiiiieeeeee. That's not enough! It is time for them to pay for failing to monitor both the sensitive information and lack of background checks on their employees who have access to it. If he were working in a sensitive area (key word here is sensitive area) within the law enforcement community he would have to pass a polygraph, submit to bank account audits and give the department an audit of his assets yearly.
Sometimes the only way for organizations to understand their responsibility is to hurt them in the bottom line or put them out of business.
]]>So far, I agree with just about every comment here, but Countrywide's IT department needs a flogging on this one. The guy in the story DL'ed the stuff to a FLASH DRIVE??????
Really??? Most financial institutions I've worked with (I don IT consulting work) disable the USB drives in BIOS, or they have monitoring SW (kinda like AV software) that blocks access to removable media of all types.
What that tells me is this is the only guy who got caught _so far_. My guess is without physical data controls, there will be more of these stories to come.
]]>I remember it because it was a big deal since the department I was in, training, needs access to USB drives for exporting and transporting docs. Their response: "Deal with it".
]]>@pal003: Congress: "We don't represent you, we represent the people who lobby us and buy us nice things. Maybe one day you can get sweetheart deals to, if you become a member of congress. If not, go jump in a lake."
The moral of the story is: don't wait for congress to come save you. Place fraud alerts, credit freezes, etc. if you are on this list and pro-actively check your credit files. The best thing Congress can do is to stop making things worse.
]]>I am also concerned to learn that every CSR at Bank of America can see my full SSN on my account every time I call with a question. Why not just a partial SSN or some other identifier?
Attention Congress - stop this abuse of our personal information!
]]>Then they need to begin a complete overhaul of the entire loan and credit industry; start kicking butt and taking names. Obviously, these industries can't be trusted to handle things themselves.
]]>@IamNotToddDavis: I'm all for some "scared straight" type warnings. Go to a *real* prison and be someone's bitch for a month. Then we'll see how much white collar crime happens
]]>@RabbitDinner: @bohemian:
I'm with you. Prison time should be a minimum, and I don't mean federal "minimum security" either. Put them in a real prison. Fines mean nothing to these people, they just pay them and move on to the next scam. There has to be a greater penalty for such egregious behavior.
]]>@ChootinDaChit: Wow the employee was one county wide? Jeez america really is the fattest nation...
]]>This guy is an idiot, and deserves every second of time he'll be spending in the federal pen.
]]>@bohemian: I don't want my comment to be confused for elitism or racism, but it's true. This demographic actually has something to use, and for this kind of people, fear of prison is actually a good deterrent. Even any legitimate assets you may have had-stocks, bonds, etc-if you have a spouse, say goodbye to that, and your reputation, and any hope of getting a job back in your industry once you're out. Criminal-criminals, don't have nearly as much to lose in terms of livelihood. All these thugs deserve time in a pound-me-in-the-ass prison, let the guy who held up the convenience store with a knife out early, and lock up all the real criminals.
]]>This is just sickening. Death penalty. That'll change this type of fraud FAST. Start killing these people, seriously...
]]>One of the best deterrents against this kind of behavior is fear of prison because these people actually have something to lose. Thinking they won't get caught or will get some easy punishment encourages this.
]]>Most businesses used to require two signatures on a check, to reduce opportunities for fraud. It seems anyone can access mass financial data with a few mousclicks.
Perhaps database access needs controls requiring multiple person's sign-ins? Sort of like the digital equivalent of a safety deposit box requiring two keys?
This wouldn't prevent theft, but perhaps eliminate the single rogue employee kind of theft by requiring collusion between multiple employees for data breaches to occur.
]]>How much are these identities and SSN's worth? I'll sell mine and my kids to someone for a tank of unleaded.
]]>I hope he serves at least 20 years, but we know he won't even get sentenced to 10 probably. He'll roll on someone and only have to pay fines I bet.
]]>Much like Countrywide in general, he just didn't understand the true value of money.
]]>