The man accused of stealing customer data from Countrywide might have been able to download data to an external drive
CALABASAS, CA – The man accused of stealing customer data from home mortgage lender Countrywide was probably able to download and save the data to an external drive, due to an oversight by the company's IT department.
On August 1, Rene Rebollo, a former senior financial analyst at Countrywide, was arrested for his alleged role in stealing customer data and selling it.
Rebollo told US Federal Bureau of Investigation agents that he had known that the computers in the Countrywide office had security features that restricted downloads of data to an external source, but that he had found one that didn’t. FBI affidavits show Rebollo admits collecting names on request by his buyers and downloading them onto his personal thumb drive using that one computer in the office. Rebollo might have specifically collected names of people who recently declined an offer of a loan by Countrywide, for example.
The accused estimates that, over a two-year period, he downloaded approximately 20,000 customer profiles each week and sold files with that many names for US$500, according to the affidavit. The profiles included Social Security numbers and other personal details.
Countrywide's owner, Bank of America, has not responded to a request for information about the type of security it employs to prevent this type of theft. According to a statement from the FBI last week, Countrywide says it is analysing the stolen data to determine whether any customer identities have been compromised. If they have, the company says it will notify the customers affected.
More on Regulation
Heavy regulatory costs and fragile systems will be problems in 2015
FSCP proposes simplified charges for UK asset management funds
Changing corporate culture will be hard work
A fixed set of weighted criteria can help pick out systemically important banks, according to the EBA
Sign up for Risk.net email alerts
Sponsored webinar: IBM
Watch highlights of this year's London conference
Operational risk and the challenges of defining and dealing with conduct risk
Watch discussions and speakers from our North America conference
There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.