Following the theft of a Wells Fargo computer the bank has announced yet another leak of client data. It is the fourth such incident to affect the bank since late 2003. However, the bank has no plans to improve its security measures, instead making money out of such incidents by charging its customers for services to prevent identity theft. With time, according to experts at InfoWatch, Wells Fargo’s strategy is likely to drive its clients away from the bank.
For the fourth time in the last 30 months Wells Fargo has had to notify its clients that their private data has been compromised. This time confidential information on mortgage customers and potential clients was lost following the theft of one of the bank’s computers.
San Francisco-based Wells Fargo posted a statement on its Web site saying that a computer belonging to its mortgage group had been reported as missing while being transported between two of the bank’s facilities by a shipping company. To all intents and purposes, it appears the shipping company was to blame.
There is little doubt, however, that the computer was stolen. It has been confirmed that the PC contained the names, addresses, Social Security and bank account numbers, as well as other private details of Wells Fargo clients. A bank spokesperson said the stolen computer “has two layers of security”, but did not elaborate.
The bank has begun informing all those affected, informing them how to go about minimizing the risks of identity theft. All the victims will also receive one year of free credit monitoring services. The bank has declined, however, to reveal how many people were affected.
Wells Fargo was initially asked by the law enforcement agencies to delay an announcement about the incident in the interests of the investigation. The investigators believe the computer was stolen for the hardware rather than the information it contained.
The incident is the latest in a series of similar data leaks that have affected the company in recent years. In November 2003, the names, addresses and Social Security numbers of thousands of Wells Fargo customers were compromised when a burglar broke into the office of a consultant working for the bank and stole a computer containing the data.
A year later, in November 2004, the company announced that three laptops and one desktop computer containing personal data on thousands of the bank’s borrowers were stolen from a subcontractor. That incident prompted two of the affected individuals to sue the bank for negligence and breach of contract. The case was decided in the bank’s favor in March.
Then, in February 2004, a laptop containing confidential information on more than 35,000 Wells Fargo customers was lost by a company employee when it was left in a car that was stolen from a gas station.
One unfortunate Hewlett Packard employee, who was a victim of a data leak following a laptop theft at Fidelity Investments, has also been affected by the latest Wells Fargo incident. The jinxed HP worker complained about his luck on the IT news site The Register.
Despite all the leaks that have affected Wells Fargo, the bank appears to have no intention of taking measures to protect its clients’ private data. In fact, the company has even started making money by providing credit monitoring services to avert identity theft.
“After over 100 years in business Wells Fargo is famous around the world. However, recent events raise doubts as to whether the bank realizes just how detrimental making money out of its own lack of security is. Those clients affected by leaks know that they will need further monitoring after the one year of free credit monitoring services expires. Naturally, they will have to pay Wells Fargo for that service out of their own pockets. Meanwhile, the bank has valued its services above that of the average market rate. Wouldn’t it just be easier for customers to change their banks? I think they will start doing so in the near future. After all, other banks lose private data nowhere near as regularly as Wells Fargo,” Denis Zenkin, marketing director at InfoWatch, points out.
Source: ComputerWorld