Part of the purpose of this blog is to keep clients up to date on new technologies and current security concerns in and around computer technologies (aka Information Technology or IT). Several years ago an identity theft case was discovered and it is worth re-posting today. The unusual aspect of this heist was that it was a common problem that existed before computers kept track of clients, and it is not so much the responsibility of the computer users, and more so the responsibility of the CIO or COO.
In corporate sales, the most important asset is arguably the client files. Not only do those files contain private information about individuals, but if handed off to a competitor, this information could seriously impact revenue.
Countrywide Home Financial was one of the largest mortgage lenders in the United States. As this company began to lose revenue, and lay off people, it turned out that one employee in sales figured out a way to make money. He sold the client files to Countrywide competitors. He grabbed 20,000 names a week, and sold this bundle for $500. He did this every week for two years. This means that the average sale per address is under three cents.
The breach happened on Sundays at the office. The employee used USB thumb drives:
Rebollo was able to obtain specific types of Countrywide customer data thanks to his access to many of the company’s different databases. He typically accessed the information on Sunday evenings from his workplace. He downloaded the information onto thumb drives. He would then physically sell the drive to people claiming to be data thieves or would email the data, usually in Excel spreadsheets, from a computer at a Kinko’s shop.
The details of the event can be found here.
What was most interesting about this is even if the clients were safe at home with their own private identity, another data breach can happen at the corporate offices. This could have been prevented if Countrywide spent more time with how they stored their client files, and how they were accessed.
While corporations may think that their data is safe, it is always worth while to check with a professional consultancy and see if there are new ways to protect both corporate intellectual property as well as client data.
Contact Menlo Technical Consulting today to see how we can update and secure your corporate data.