Two Million Customer Records Stolen On Flash Drives - Countrywide
As if mortgage lenders needed any more bad publicity. An employee at Countrywide stole 20K records a week for two years and was selling them to a third party. The FBI agent assigned to the case stated that Countrywide sealed off USB ports on employee systems (probably with Super Glue), however the employee found a system that did not have its USB ports sealed
Rene Rebollo Jr., 36, a former senior financial analyst with Countrywide Home Loan’s subprime mortgage division found a machine. Every Sunday night for about two years, Rebollo brought a flash drive over to that machine and downloaded personal information on approximately 20,000 customers.
Countrywide had not deployed any method for detecting or managing downloads to portable storage devices, since its policy was to block their use entirely on all employee machines. As a result, the downloads went undetected for years, leading to the compromise of some 2 million records, according to court documents. It is estimated from his bank records that he made about $70,000 from the selling of customer data.
The interesting point here is that it went undetected for years, one wonders how many other personal details are finding their way to USB flash drives around the world. There is an obvious financial motivation to sell the data and it is easy to steal from behind the firewall.