Thursday, May 25, 2006

[political-research] Re: Sic Semper Tyrannis 2006: The VA Data Theft (et al)

(Now if this doesn't make your feelers go up, nothing will.) After
doing a search on the Net for the Bank of America laptop theft I
referenced earlier, I found an article about the same laptop
scenario involving a completely different incident. (Yes, that's
right folks: same stolen laptop scenario, SAME bank, DIFFERENT
incidents!)

The story below references a theft which happened on August 29,
2005. I dug through my files today and found my "stolen laptop"
letter and it's dated June 20, 2005—a full two months before the
August theft.

Here's some (laughable) excerpts from my letter:

"Dear [Name]:

"...we regret to inform you that we recently learned some of your
customer information was on a Bank of America laptop computer that
was stolen.

[...]

"...we have no evidence to indicate that your customer information
has been accessed or reviewed by an unauthorized third-party.

[...]

"We have been working with law enforcement and have conducted our
own internal investigations to help protect and minimize the impact
to you. We have also thoroughly reviewed your accounts at Bank of
America and have not detected any unauthorized transactions on your
accounts to date. To ensure peace of mind, we are offering you one
year of complimentary credit-monitoring to help detect fraudulent
activity affecting your credit."

Okay, so here's just a few of MANY "stupid" questions I have now:

1. How did the bank assess that there were no unauthorized
transactions on my account without consulting me first?

2. Why do banks (and other institutions entrusted with our most
valuable information) allow personal identifying information to walk
out the door on (unsecured!) employee laptops?

3. Is this standard practice?

4. Why, after the initial incident happened, would the bank still
allow an (ADMITTEDLY unencrypted!) laptop to walk out the door (only
to be stolen AGAIN)?!

5. This is the 21st century. Shouldn't a bank have better security
when protecting its customer databases?

6. (Here's where my computer illiteracy shows.) In reference to
the VA theft, how could one laptop contain such a large database—
26.5 million names, addresses, SSNs, dates of service, etc., etc.?
(To all you computer nerds out there: is this likely, unlikely?
How much memory would that require?)

I'm with the blogger who speculated "the 'burglar' knew exactly what
he was looking for." (Remember, these institutions have been playing
this off as though the thieves were only after the laptop [although
most stories have the laptop being recovered].)

Could this admission in my banks letter be the key to what's REALLY
going on here?

"We have been working with law enforcement and have conducted our
own internal investigations to help protect and minimize the impact
to you."

Are they just covering their asses so when the truth comes out about
them giving our private information to the government, like with the
major phone companies with the NSA, they can say they had the
premise in which to do so? (Hm.)

Sounds like a massive data mining of American citizens is
underway... or... something. I'm perplexed.

-------------------------------------------------------------------

Bank of America notifying customers after laptop theft

Robert McMillan

http://ad.doubleclick.net/click;h=v5|33ef|0|0|%2a|u;33581388;0-
0;0;12718548;4252-336|280;16510405|16528300|1;;~sscs=%
3fhttp://www.facetime.com/ad1a

October 07, 2005 (IDG News Service) Users of the Bank of America
Corp.'s Visa Buxx prepaid debit cards are being warned that they may
have had sensitive information compromised after the theft of an
unencrypted laptop computer.

In a letters sent to Buxx users and dated Sept. 23, the Charlotte,
N.C.-based bank warned that customers may have had their bank
account numbers, routing transit numbers, names and credit card
numbers compromised by the theft. Visa Buxx was a prepaid credit
card for teenagers that the Bank of America stopped selling in
January.

The laptop, which belonged to an unnamed Bank of America service
provider, was stolen Aug. 29, said Diane Wagner, a company
spokeswoman. The bank was notified of the theft Sept. 9 and began
sending out the letters after a two-week investigation, she said.
Though the information on the laptop would not have been easily
accessible to thieves, it wasn't encrypted, Wagner said. The bank
has been monitoring the affected accounts and hasn't observed any
signs of fraud. "We have no evidence that an unauthorized person has
accessed or even reviewed that customer information," she said.

Wagner refused to offer many details on the theft, which was
reported today in the San Francisco Chronicle. She declined to name
the service provider, say how many Bank of America customers had
been affected or even confirm that the theft had occurred within the
U.S.

This isn't the first time Bank of America has had to notify account
holders of identity theft. In March, it confirmed that information
on about 60,000 of its customers had been stolen by an identity-
theft ring.

The March disclosure came just a month after the company revealed
that it had lost digital tapes containing the credit card account
records of 1.2 million U.S. federal employees (see "Data snafus spur
IT action: Bank mishap prompts call for network backup").

--- In political-research@yahoogroups.com, Sean McBride
<smcbride2@...> wrote:
>
>
>
<http://turcopolier.typepad.com/sic_semper_tyrannis/2006/05/the_va_da
ta_the.html>
>
>
_____________________________________________________________________
___
> Save and share anything you find online - Furl @
http://www.furl.net
>

------------------------ Yahoo! Groups Sponsor --------------------~-->
You can search right from your browser? It's easy and it's free. See how.
http://us.click.yahoo.com/_7bhrC/NGxNAA/yQLSAA/TySplB/TM
--------------------------------------------------------------------~->

Search the archives for political-research at http://www.terazen.com/

Subscribe to the RSS feed for political-research at http://rss.groups.yahoo.com/group/political-research/rss

Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/political-research/

<*> To unsubscribe from this group, send an email to:
political-research-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/

No comments: