Bank of America settles Countrywide data theft suits

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.latimes.com/business/la-fi-countrywide-20100824,0,5710799.story

The bank will provide free credit monitoring, identity theft insurance
and reimbursement for losses to as many as 17 million consumers who
dealt with its mortgage unit.

Settling the biggest reported case of data theft by a financial
insider, Bank of America Corp. will provide free credit monitoring,
identity theft insurance and reimbursement for losses to as many as 17
million consumers who dealt with its Countrywide Financial mortgage
unit.

The agreement was approved Monday by a federal judge in Kentucky. Bank
of America, which acquired Countrywide in 2008, denied all allegations
of wrongdoing, saying it had settled only to "avoid the additional
expense and uncertainty of further litigation."

The accord settles more than 30 lawsuits, including nationwide class
actions, filed after the August 2008 arrest of Rene L. Rebollo Jr. of
Pasadena, who worked for Countrywide's subprime division, Full
Spectrum Lending. Federal authorities said at the time that he
downloaded customer files, including Social Security numbers, from the
company's computers onto thumb drives and sold the information to
employees of other mortgage lenders for use as sales leads.

Rebollo has pleaded not guilty to charges of fraud, unauthorized
access to the computer of a financial institution, illegal use of
confidential information, and disclosing Social Security numbers. His
trial is scheduled to begin Oct. 19 before U.S. District Judge
Christina A. Snyder in Los Angeles. He is free on bond.

In the aftermath of Rebollo's arrest, Bank of America offered free
credit monitoring to 2.5 million customers of Countrywide, bank
spokeswoman Shirley Norton said.

Under the terms of the settlement, those customers and roughly 15
million additional Countrywide borrowers and mortgage applicants will
be offered credit monitoring, identity theft insurance and
reimbursement for losses of up to $50,000.

Norton said she didn't know how many people had reported actual
financial breaches stemming from the data theft or how much the
settlement would cost the bank. The company already is reviewing some
claims, she said, adding that there was "no real way to tell until we
have the final tally."

Claims may be made by anyone who provided private information to
Countrywide before July 1, 2008, or who had a mortgage that was
serviced by Countrywide before that date.

Details are available at http://www.CWdataclaims.com or by calling
(866) 940-3612. The earliest date that claims can be filed is Sept. 7.

The Countrywide incident is one of 34 publicly reported data breaches
since 2005 involving insiders at financial institutions, according to
the Privacy Rights Clearinghouse in San Diego.

The largest previously reported case, involving information about 8.5
million customers of a Fidelity National Information Services
subsidiary, occurred in July 2007.

"This blows that one completely out of the water," said Rainey
Reitman, a spokeswoman for the nonprofit group. All the other cases
combined of data breaches by financial insiders involved information
on about 11 million people, she said.

Joanne McNabb, chief of the California Office of Privacy Protection,
said anyone notified about the data breach should take it seriously. A
primer on what to do is available at the state agency's website,
http://www.privacy.ca.gov. Click on "Identity Theft" and then on the
red-letter "Security Breach First Steps."

The Countrywide case is disconcerting because it wasn't the result of
accident or oversight, McNabb said.

"It's not like things leaked out," she said. "They were snatched."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php