In the wake of news that a Wells Fargo bank access code had been used to steal thousands of consumers' personal information, the bank has launched a full-scale investigation into the crime.
The code was used to access information from MicroBilt, which describes itself as the "single source industry leader in risk management information" and provides consumer information to Wells Fargo and other banks and businesses, between May and June, Wells Fargo spokeswoman Mary Berg told InternetNews.com.
MicroBilt only notified Wells Fargo on July 1, and both companies told InternetNews.com that they suspended their dealings by mutual agreement. MicroBilt declined further comment because "the incident is under investigation by the Secret Service," a MicroBilt spokesperson said.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iWells Fargo has notified the Secret Service, and is also conducting its own investigation into the matter. While Berg would not say what steps the bank is taking "because the matter is under investigation," she did say that those with the authority to use this type of access code "are the folks who work on loan applications for Wells Fargo."
Data breaches are expensive, and loan applications staff at Wells Fargo are now under a microscope. "We take information security seriously, and we're always on the alert for this kind of thing," Berg said. "We're looking into how someone got hold of that access code."
She declined to say what aroused MicroBilt's suspicions because the matter is under investigation.
Berg said about 5,000 consumers are affected by the breach. "MicroBilt sent us a list of about 7,000 names and, after we took out any duplicate names, the list worked [out] to about 5,000," she added. "We're still working through it and are still notifying consumers," she added.
Only a few of the victims are customers of Wells Fargo, Berg said, but she could not be more exact "because this is under investigation by law enforcement." Wells Fargo has given victims a one-year subscription to identity theft protection service Identity Guard, and is working with the credit bureaus to "make sure that any unauthorized entries won't affect their credit ratings," Berg said.
"We're taking responsibility to protect these people because that's our number one priority, even if they're not our customers," Berg added.
Nine of the victims are New Hampshire residents, Richard Head, an associate attorney general with the New Hampshire Department of Justice, told InternetNews.com. The New Hampshire banking department may look into this breach because the state's laws put banking breaches under its purview, Head added.
The breach at MicroBilt occurred because, like other companies that offer business to business (B2B) services, it uses authentication that generally is considered good enough, Eric Skinner, chief technology officer of security vendor Entrust (NASDAQ: ENTU), told InternetNews.com.