Wells Fargo Not Required to Encrypt Data

["Fergie" <fergdawg () netzero net>]

Via C|Net.

[snip]

Wells Fargo had hired Regulus Integrated Solutions to print monthly statements for certain customers who had mortgages 
and student loans from its subsidiaries. In October 2004, thieves stole computers from Regulus with unencrypted 
customer information including names, addresses, Social Security numbers and account numbers.

A few weeks later, Wells Fargo alerted its customers and offered to provide identity protection services.

There has never been any indication to date that thieves did anything with the data (in other words, they appear to 
have been after the computer hardware instead).

Nevertheless, two of the bank's customers, Kristine Forbes and Morgan Koop, filed a class action suit anyway. They 
claimed that Wells Fargo was liable for emotional distress (including fear, anxiety and worry), negligence, breach of 
contract and breach of fiduciary duty. Forbes and Koop claimed that Wells Fargo owed them a cash payout because they 
had to spend extra time monitoring their credit reports.

[snip]

More:
http://news.com.com/2100-1030_3-6061400.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.