
Another Data Breach At Bank Of America

When will this bank's senior executives take data security seriously? In the ZDNet Between The Lines blog, Larry Dignan reported that he had received a breach notice from Bank of America:

We have learned that information from certain Bank of America Check Cards may have been compromised. Your Check Card number may have been part of this compromise.

The bank didn't disclose the number of check cards exposed or stolen. Sadly, this data breach is another in a long series of data breaches:

  • February 25, 2005: lost data tape: Charlotte, North Carolina: 1.2 million records exposed
  • June 29, 2005: stolen laptop computer: 18,000 records exposed
  • September 23, 2005: stolen laptop with undisclosed number of Visa debit card records
  • December 14, 2006: a former contractor accessed, without authorization, the personal data of an undisclosed number of customers
  • April 12, 2007: stolen laptop exposed the personal data of an undisclosed number of current, former and retired employees

Data source: Privacy Rights Clearinghouse

Actions speak louder than words, and the bank's string of data breaches speaks loudly. Bank of America isn't protecting consumers' and employees' data as it should. Stronger systems and more effective employee training are required.

My guess: some Bank of America consumers and employees will soon receive a Privacy Assist credit monitoring offer from the bank. If you receive such an offer letter, I suggest that you demand that Bank of America provide credit monitoring services for life, since the bank has such a poor historical record of data security. More breaches are likely until something changes at the bank.





It's possible that Bank of America was not at fault in this instance. Perhaps this related to a data breach of cardholder information that occurred at a merchant. One way fraudsters get this information is by placing a skimming device on the card reader that picks up all magnetic stripe information + PIN. Some retailers have been victimized by fraudsters purporting to be replacing broken terminals and replacing them with terminals that act normally but also retain card data and transmit it back to the criminals. A 60 Minutes show last year profiled a hacker who easily broke into a major retailer's wireless network and captured cardholder data including PIN. None of these incidents are the fault of the cardholder or the cardholder's bank.

I don't work for B of A but I do work for a small financial institution on the west coast that has also been affected by these types of data compromises. We do the right thing by immediately replacing cards for customers who used theirs at a merchant affected by a data compromise. Although most are never caught, we have been successful in helping local law enforcement catch and prosecute thieves responsible for these frauds. The FBI is finally starting to take this stuff seriously, whereas three years ago we were solely at the mercy of local police who didn't have the resources to pay much attention.

Most American FI's are working to find ways of maintaining our very efficient payments system while mitigating fraud risk. Trying to stay one step ahead of the criminals has proven to be difficult, but I don't think it's impossible to overcome as our technology gets better.
