Suspicious transactions made with Wells Fargo access codes
Technorati Tag: Security Breach
Date Reported:
7/31/08
Organization:
Wells Fargo & Company
Contractor/Consultant/Branch:
"reseller of consumer data, including consumer credit bureau data"
Victims:
Customers
Number Affected:
"About 7,000"
Types of Data:
personal information including name, address, and date of birth, social security number, and driver's license number and, in some cases, credit account information"
Breach Description:
"Wells Fargo Bank, N.A. has been advised by a reseller of consumer data, including consumer credit bureau data, of suspicious transactions made using Wells Fargo access codes."
Reference URL:
The New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the online source cited above:
Wells Fargo Bank, N.A. has been advised by a reseller of consumer data, including consumer credit bureau data, of suspicious transactions made using Wells Fargo access codes.
[Evan] Who do you suppose the "reseller of consumer data, including credit bureau data" is? I think the biggest reseller of consumer data is any one of the three credit bureaus, TransUnion, Equifax, and/or Experian.
Our investigation confirmed that a significant number of unauthorized transactions had been made using Well Fargo's codes.
[Evan] This is obvious, but the fact that transactions had been made means that fraud has already been committed.
At this time, we do not know how our codes were compromised.
[Evan] This is a problem! Wells Fargo deserves some credit for honesty.
We have notified the United States Secret Service and it is investigating this matter.
The information currently available to us indicates that personal information including name, address, and date of birth, social security number, and driver's license number and, in some cases, credit account information was accessed by an unauthorized person or persons.
About 7,000 individuals are affected by this incident.
At this time we have apparently mailable address for only 2,410
[Evan] At the time of data collection, I would think that 90% of the addresses were mailable. The fact that less than 35% are mailable now leads me to question how old the data is.
We are attempting to find usable addresses for the remaining affected individuals
We wanted to advise you of this as soon as possible so you can take the actions describer in this letter and the enclosed information sheet to protect yourself against possible misuse of your information.
We are working with the credit bureaus to ensure that any unauthorized inquiries under Wells Fargo's name will not affect your credit rating.
To further protect you, we have arranged for a free one-year membership to Identity Guard CreditProtectX3.
[Evan] CreditProtectX3 sounds like some serious protection! The Privacy Rights Clearinghouse wrote an informative article "Straight Talk about Identity Theft Monitoring Services". It’s worth the read.
To sign up for this service at no cost to you, please take one of the following actions by September 15, 2008:
At Wells Fargo we take significant steps to safeguard consumer information.
We apologize that this situation has occurred and for any concern it may cause you.
If you have any questions, please call 1-, beginning Friday, August 1, 2008. Phone Bankers are available to assist you Tuesday through Friday 9:00am and 6:00pm, Pacific Time.
Commentary:
In my opinion, Wells Fargo is a very well managed company. It is hard to comment much about this breach when there is so little detail known about how it occurred. Was this the work of an insider? Only time may tell.
A friend over at Merchant911 reported some weird happenings in regards to Wells Fargo in early July, and actually emailed me in May about it. I didn't have enough time to investigate and didn't connect the dots. Read Merchant911's post (minus the first paragraph). I'm not sure it's related, but it’s a good read nonetheless.
Past Breaches:
May, 2008 - Employee fraud at Wells Fargo Home Mortgage affects some customers
Date Reported:7/31/08
Organization:
Wells Fargo & Company
Contractor/Consultant/Branch:
"reseller of consumer data, including consumer credit bureau data"
Victims:
Customers
Number Affected:
"About 7,000"
Types of Data:
personal information including name, address, and date of birth, social security number, and driver's license number and, in some cases, credit account information"
Breach Description:
"Wells Fargo Bank, N.A. has been advised by a reseller of consumer data, including consumer credit bureau data, of suspicious transactions made using Wells Fargo access codes."
Reference URL:
The New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the online source cited above:
Wells Fargo Bank, N.A. has been advised by a reseller of consumer data, including consumer credit bureau data, of suspicious transactions made using Wells Fargo access codes.
[Evan] Who do you suppose the "reseller of consumer data, including credit bureau data" is? I think the biggest reseller of consumer data is any one of the three credit bureaus, TransUnion, Equifax, and/or Experian.
Our investigation confirmed that a significant number of unauthorized transactions had been made using Well Fargo's codes.
[Evan] This is obvious, but the fact that transactions had been made means that fraud has already been committed.
At this time, we do not know how our codes were compromised.
[Evan] This is a problem! Wells Fargo deserves some credit for honesty.
We have notified the United States Secret Service and it is investigating this matter.
The information currently available to us indicates that personal information including name, address, and date of birth, social security number, and driver's license number and, in some cases, credit account information was accessed by an unauthorized person or persons.
About 7,000 individuals are affected by this incident.
At this time we have apparently mailable address for only 2,410
[Evan] At the time of data collection, I would think that 90% of the addresses were mailable. The fact that less than 35% are mailable now leads me to question how old the data is.
We are attempting to find usable addresses for the remaining affected individuals
We wanted to advise you of this as soon as possible so you can take the actions describer in this letter and the enclosed information sheet to protect yourself against possible misuse of your information.
We are working with the credit bureaus to ensure that any unauthorized inquiries under Wells Fargo's name will not affect your credit rating.
To further protect you, we have arranged for a free one-year membership to Identity Guard CreditProtectX3.
[Evan] CreditProtectX3 sounds like some serious protection! The Privacy Rights Clearinghouse wrote an informative article "Straight Talk about Identity Theft Monitoring Services". It’s worth the read.
To sign up for this service at no cost to you, please take one of the following actions by September 15, 2008:
- Visit www.identityguard.com/alert or
- Call 1-
At Wells Fargo we take significant steps to safeguard consumer information.
We apologize that this situation has occurred and for any concern it may cause you.
If you have any questions, please call 1-, beginning Friday, August 1, 2008. Phone Bankers are available to assist you Tuesday through Friday 9:00am and 6:00pm, Pacific Time.
Commentary:
In my opinion, Wells Fargo is a very well managed company. It is hard to comment much about this breach when there is so little detail known about how it occurred. Was this the work of an insider? Only time may tell.
A friend over at Merchant911 reported some weird happenings in regards to Wells Fargo in early July, and actually emailed me in May about it. I didn't have enough time to investigate and didn't connect the dots. Read Merchant911's post (minus the first paragraph). I'm not sure it's related, but it’s a good read nonetheless.
Past Breaches:
May, 2008 - Employee fraud at Wells Fargo Home Mortgage affects some customers
Posts Atom 1.0
After just being taken for over $20,000 - I'm trying to learn more about this investigation.
Reply to this
I received a letter and a new debit card yesterday but the letter did not mention anything about the membership to Identityguard. It did tell me how to place a security alert on my credit bureau account. When I called to find out why I was getting this I was given the gee I can't really say for sure what happened thing.
Reply to this