Global Secure Systems - IT security oversight may have enabled data breach

Home

Affiliated Sites and Services

• Team Mermaid
• GSS Ireland

• 2010
• 2009 Archive
• 2008 Archive
• 2007 Archive
• 2006 Archive
• 2005 Archive
• 2004 Archive
• 2003 Archive
• 2002 Archive

• January
• February
• March
• April
• May
• June
• July
• August
• September
• October
• November
• December

About RSS feeds

IT security oversight may have enabled data breach

A former employee accused of stealing customer data from Countrywide Financial Corp. may have been able to download the information to a thumb drive because of an oversight by the home mortgage lender's IT department.

Rene Rebollo, a former financial analyst at Countrywide, was arrested Aug. 1 in Pasadena, Calif., for allegedly stealing and selling the data, which included names, Social Security numbers and contact information.

According to affidavits filed in U.S. District Court in Los Angeles, Rebollo told FBI agents that most of the computers in the office where he worked had a security feature that prevented the use of thumb drives -- but he had found one system that didn't.

He estimated that he downloaded about 20,000 customer profiles weekly over two years, according to the affidavits.

Bank of America Corp., which acquired Countrywide last month, didn't respond to multiple requests for comment about the data thefts and the lender's IT security practices.

Pat Clawson, chairman and CEO of Lumension Security Inc., said companies should scan all network devices to ensure that security controls are in place.

Some organizations have taken far more Draconian steps, he noted, citing federal agencies that filled USB ports with glue to keep them from being used.

Permalink Bookmark Digg this story

  |  About RSS feeds