Insider data breach costs Bank of America over $10 million, says Secret Service

A former bank employee provided customer information to people outside the bank, who used the data to steal money from around 300 Bank of America customers in California and other western states.

A report by IDG News Service quoted James Kollar, special agent for the Secret Service in Los Angeles, as estimating that criminals stole at least $10 million from the bank.

The Los Angeles Times reported this week that the criminals were able to obtain names, addresses, social security numbers, phone numbers, bank account numbers, driver’s license numbers, birth dates, email addresses, mother’s maiden names, PINs, and account balances.

One victim, Andrew Goldstein, had $20,000 taken from his bank account. The criminals ordered new checks for two of Goldstein's three checking accounts. They also arranged with UPS to be able to pick up the checks at a UPS outlet rather than have them delivered to Goldstein's address, the newspaper said.

Next, the perpetrators contacted Goldstein's phone company, Verizon, and arranged for all calls to Goldstein's home to be forwarded to their cell phone. This was apparently intended to prevent the bank from contacting Goldstein once the fraudulent checks started being used, the report noted.

The thieves then called the bank and asked that some of the money in Goldstein's third checking account – the one they hadn't yet accessed – be transferred to one of the accounts they had checks for. Now the scammers had about $23,000 at their fingertips, which they stole through writing bogus checks.

Once the bank discovered the fraud, Goldstein and other victims were reimbursed, the report said.

The FBI and Secret Service has so far arrested 95 suspects in the check scam, according to the newspaper.

What’s Hot on Infosecurity Magazine?