The man accused of stealing customer data from Countrywide might have been able to download data to an external drive
CALABASAS, CA – The man accused of stealing customer data from home mortgage lender Countrywide was probably able to download and save the data to an external drive, due to an oversight by the company's IT department.
On August 1, Rene Rebollo, a former senior financial analyst at Countrywide, was arrested for his alleged role in stealing customer data and selling it.
Rebollo told US Federal Bureau of Investigation agents that he had known that the computers in the Countrywide office had security features that restricted downloads of data to an external source, but that he had found one that didn’t. FBI affidavits show Rebollo admits collecting names on request by his buyers and downloading them onto his personal thumb drive using that one computer in the office. Rebollo might have specifically collected names of people who recently declined an offer of a loan by Countrywide, for example.
The accused estimates that, over a two-year period, he downloaded approximately 20,000 customer profiles each week and sold files with that many names for US$500, according to the affidavit. The profiles included Social Security numbers and other personal details.
Countrywide's owner, Bank of America, has not responded to a request for information about the type of security it employs to prevent this type of theft. According to a statement from the FBI last week, Countrywide says it is analysing the stolen data to determine whether any customer identities have been compromised. If they have, the company says it will notify the customers affected.
More on Regulation
SSM chair also wants to end rule opt-outs that make banks "look stronger than they really are"
Dodd-Frank and Mifid II won't stop market disorder but will penalise hedgers
Floors framework should not overstate risk, says Sweden's bank supervision chief
RBS risk veteran says banking activities pose greater threat
Sign up for Risk.net email alerts
Oxford professor David Vines argues that the carrot is as important as the stick
Sponsored webinar: IBM
Watch highlights of this year's London conference
Operational risk and the challenges of defining and dealing with conduct risk
There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.