Wells Fargo Reveals Data BreachThousands of Consumer Records Compromised by Data Theft from Vendor
Wells Fargo says it was notified on July 1 by MicroBilt, an online consumer and commercial credit bureau information provider, that someone had used a Wells Fargo access code to obtain data on 7,000 consumers from its computers. MicroBilt, located in Kennesaw, GA, says that because of the ongoing law enforcement investigation, they are unable to comment about any details of the case. According to Mary Berg, a Wells Fargo spokesperson, Wells Fargo immediately launched a full-scale investigation into how the information was breached and notified the US Secret Service about the data theft.
MicroBilt provides consumer information to Wells Fargo and other banks and businesses, and interfaces with the three consumer credit bureaus: Equifax, Experian and Trans Union. The data breached was for the time period between May and June 2008, says Berg. The two companies (Wells Fargo and MicroBilt) say that business between the two companies has been suspended by mutual agreement.
Berg would not comment on the investigation, but notes Wells Fargo's information security is looking into the loan application area of the bank. "So far, we do not know how this person or persons gained access to the codes. They may have gotten hold of an employee's access credentials," Berg says.
MicroBilt's spokesperson says that law enforcement investigation is looking both internally and externally for how the data was taken. Berg didn't want to comment on what led MicroBilt to become suspicious about the data accessed.
After the breach was discovered, Berg said MicroBilt sent a list of about 7,000 names that had information taken in the data theft. "We whittled that list down after taking out duplicate names and now have about 5,000 names." Wells Fargo decided despite the ongoing law enforcement investigation to go ahead and notify all of the affected consumers, even though there are only a few of them that are Wells Fargo customers. Berg wasn't able to give exact numbers because of the investigation. Each victim will receive one year of identity theft protection service, and Berg says Wells Fargo took this step -- even though many aren't Wells Fargo customers -- because it is the company's responsibility to protect them. "We're doing what we can to alert them so they can protect their accounts," Berg says.
This is the second data breach at a financial services company revealed in August. On August 1, two men were arrested by the FBI in Los Angeles on charges of downloading and selling the identities of mortgage lender Countrywide loan applicants. (SEE RELATED STORY: Identity Theft: Lender Countrywide's Insider Case).