A simple theft nets Wells a world of woe Break-in behind bar puts clients' data at risk

SF Chronicle ^ | Friday, November 21, 2003 | David Lazarus

[shadowman99]

A thief has stolen the names, addresses and Social Security numbers of thousands of Wells Fargo customers nationwide after breaking into the office of an East Bay business consultant and swiping his computers.

Wells Fargo is refusing to discuss details of the theft earlier this month or why the bank made such extensive information available to an outside contractor. Wells says the thief may not know that one of the stolen computers holds reams of proprietary data.

[shadowman99]

I'm one of the people who's name and personal info was stolen. I recieved a happygram from Wells Fargo Monday telling me not to worry that all of my personal info was stolen in a nice neat package for an identity thief to use.

It's nice that I can trust my banker with my personal info. The irony is I'm sure if I walked into a branch and requested a copy of my personal record I would be told to take a leap. Yet that info was given to some guy who has an office behind a sports bar.

And I'm to believe that Wells Fargo take Information Security seriously? BS!!!

I didn't think Wells Fargo could disclose my info without my signature on a HUBA form. I might need a lawyer.

[Blue Screen of Death]

Woo Ho!

[palmer]

"It's outrageous," Thompson said. "My Social Security number is now out. This will affect me for the rest of my life."

My Social Security Number: How Secure Is It?

[lelio]

And I'm to believe that Wells Fargo take Information Security seriously?

Just wait till they outsource everything to India. Getting a Wells Happygram will be a daily occurance.

[dirtboy]

And I'm to believe that Wells Fargo take Information Security seriously? BS!!!

Some banks do, some don't. I currently work for a bank with a very dedicated Vendor Security department that reviews the on-site security with all potential vendors prior to their doing business with us. However, in my previous position, I received customer lists with millions of account records from three large banks, in an company with minimal security (a basic home-alarm system and a couple of locked doors). I always imagined that their customers would have had kittens if they had known how nonchalant the banks were with their account data (and we're talking ALL account data except for transactional detail).

Most banks, however, are getting a lot more serious about vendor security nowadays - this incident with Wells Fargo should impel all banks to be more careful where they send their customer info.

[proxy_user]

Surely this guy could have made his predictions about revenue from a marketing scheme, without knowing the customers SSNs. Looks like Wells Fargo was just too lazy to strip the file down to the data he really needed.

At my bank, we try to keep SSNs out of sight.

[zygoat]

My girlfriend works at Wells Fargo (treasury division). We usually trade e-mails during the day, when I'm not working. I have recieved a few from her today, but my responses have not reached her. The last one I recieved was about 5 hours ago.I wonder if they're tightening ship?