Reports indicate Bank of America has been stung by an insider-coordinated breach that is responsible for as much as $10 million dollars in funds being stolen from banking clients.
A BofA employee leaked sensitive information about at least 300 clients to a criminal fraud ring, including names, bank account numbers, PINs, addresses, Social Security numbers, phone numbers, driver’s license numbers, birth dates, e-mail addresses, family names and account balances.
Over at least a one year period, the crooks used that information to open new accounts, order checks, and conduct other banking transactions while hiding the activity from BofA customers by hijacking email accounts.
The breach led to the arrest of about 95 suspects by the Secret Service in February, and BofA clients are only recently finding out abut the heist.
“Money was missing, so there should have been some trigger just identifying that there was a problem. It’s just weird that the problem wasn’t picked up on sooner,” said Kirk Nahra, an attorney and privacy expert.
Security experts are speculating as to why it took BofA so long to notify customers of the data loss event.
“BofA was probably trying to figure out how far-reaching the fraud was and was working with law enforcement, so they had to keep some of it contained until they knew what they were dealing with,” said analyst Julie McNelley.
The threat posed by malicious insiders is one of the most persistent vulnerabilities today, and also one of the most difficult to combat. Thousands of companies store a wealth of personally identifiable information on consumers, and it only takes one bad employee to undermine even the most elaborate security systems.
“It’s a huge issue for all types of consumer information that is stored, and it’s being heavily targeted by all kinds of breaches. Organized crime either had an employee planted or reached out to an employee and got them in on the hack. We’re seeing this more and more,” said McNelley.
Bank of America representatives made attempts to reassure clients that securing their personal data and funds are of the highest priority, and are asking customers to check their accounts and immediately report any unusual activity.
“Keeping customer information secure and confidential is one of our most important responsibilities, and Bank of America sincerely apologizes for this incident, and regrets any inconvenience it may cause our customers. We work hard to prevent fraud, and our customers who experience fraud on their accounts related to this incident will be reimbursed if they report it promptly to us,” says BofA spokeswoman Colleen Haggerty.