This is unbelieveable. Check out the official comment about how they "hoped it fell into a garbage can."
ABN Amro loses tape with data on 2 million mortgage customers; claims no customer identities compromised
By Tom Henderson Dec. 16, 2005 11:09 AM
ABN Amro Mortgage Group Inc., a subsidiary of Chicago-based LaSalle Bank Corp., admitted Friday that it had lost a computer tape nearly a month ago containing data for about 2 million residential-mortgage customers.
Data on the tape included the names of the customers, payment histories, account information and Social Security numbers.
About 320,000 are customers of Troy-based LaSalle Bank Midwest, which changed its name from Standard Federal Bank in September.
The company said the tape was lost while being transported by DHL from the mortgage company’s data-processing center in Chicago to a center in Allen, Texas, operated by Experian, one of the national credit-reporting agencies.
A package containing the tape was picked up Nov. 18 and never arrived at the Experian site. In the news release issued by ABN Amro Mortgage, no explanation was given for the delay between the time the tape was sent and the acknowledgment that it was missing.
“There have been no reports of anybody’s identity being compromised. Our hope is when it was lost, it fell into a garbage can or something,” said Robert Darmanin, vice president and director of corporate relations for LaSalle Bank Midwest. “We couldn’t be more disappointed.”
Thomas Goldstein, chairman and CEO of ABN Amro Mortgage, said in a statement, “We understand that this incident may cause concern for our customers, and we deeply regret that it has occurred. We have been notifying our customers and are dedicating resources to assist them and to answer any questions they have.”
Goldstein said the company is offering to enroll its mortgage customers in a credit-monitoring service of their choice for 90 days at no cost to them. He also said the company no longer delivers physical copies of data but transmits them by encrypted electronic means.
Darmanin said the tape was a copy and said the bank has lost no information.
To enter a coupon code in your post please enter the following info:
Coupon Code:
Coupon Offer:
Merchant:
Expires (optional):
Restrictions (optional):
saving...
Quick Summary is created and edited by users like you... Add FAQ's, Links and other Relevant Information by clicking the edit button in the lower right hand corner of this message.
Yeah. So much for the whole idea of being safe by not showing your id to the cashier, eh?
Why did they delay? Hmmmm, partly the old "bury bad news on Friday" and a desire to avoid for as long as possible those pesky new reporting requirements.
unknownshopper said:Yeah. So much for the whole idea of being safe by not showing your id to the cashier, eh?
Why did they delay? Hmmmm, partly the old "bury bad news on Friday" and a desire to avoid for as long as possible those pesky new reporting requirements.
1) The delay pisses me off. You are absolutely right.
2) I want to know why they are transporting such highly sensitive data (account numbers with social security numbers) in such a casual, sloppy way.
3) I want to know if the data was encrypted or not.
4) The following quote caused me to literally see red after reading it: “There have been no reports of anybody’s identity being compromised. Our hope is when it was lost, it fell into a garbage can or something,” said Robert Darmanin, vice president and director of corporate relations for LaSalle Bank Midwest.
unknownshopper said:Yeah. So much for the whole idea of being safe by not showing your id to the cashier, eh?
Why did they delay? Hmmmm, partly the old "bury bad news on Friday" and a desire to avoid for as long as possible those pesky new reporting requirements.
I don't think anyone has argued you are "safe" if you don't show your ID to a cashier. I think you are safer. Kind of like wearing a seatbelt, it doesn't make you safe but I think it adds to your safety.
Sending unencrypted tapes around the country by mail is just asking for trouble. How long is it going to be before the banks start being held responsible for the damage they cause thru their careless disregard for their customer's personal information?
News articles like this should be printed and saved for the day you have fraudulent activity on one of your accounts and the bank tries to say it must have been your fault because their have such wonderful security measures in place.
dweick said:unknownshopper said:Yeah. So much for the whole idea of being safe by not showing your id to the cashier, eh?
Why did they delay? Hmmmm, partly the old "bury bad news on Friday" and a desire to avoid for as long as possible those pesky new reporting requirements.
I don't think anyone has argued you are "safe" if you don't show your ID to a cashier. I think you are safer. Kind of like wearing a seatbelt, it doesn't make you safe but I think it adds to your safety.
Sending unencrypted tapes around the country by mail is just asking for trouble. How long is it going to be before the banks start being held responsible for the damage they cause thru their careless disregard for their customer's personal information?
News articles like this should be printed and saved for the day you have fraudulent activity on one of your accounts and the bank tries to say it must have been your fault because their have such wonderful security measures in place.
Absolutely.
The banks might as well strap your data on the leg of a carrier pigeon, in the form of writings on napkin, and send the pigeon on its way. It's totally unacceptable and ridiculous.
I hope there is a severe and swift market punishment of ABN AMRO/Lasalle Bank for being so stupid.
Also, if any data is used for illegal purposes, the bank should bear full responsibility for restoring ny financial losses that occur, and repairing credit damage. That's the bare minimum. Arguably, they should be financially punished just for being so sloppy and casual in the way they handled this data.
dweick said:I don't think anyone has argued you are "safe" if you don't show your ID to a cashier. I think you are safer. Kind of like wearing a seatbelt, it doesn't make you safe but I think it adds to your safety.
I agree. I was just yanking your chain.
"2) I want to know why they are transporting such highly sensitive data (account numbers with social security numbers) in such a casual, sloppy way. 3) I want to know if the data was encrypted or not."
I probably could find out the exact behind-the-scenes deatils, but I think you already know the answers to your questions.
Look at it this way. Think of how many Xbox 360's went "missing" during the launch and have disappeared in shipment. With data tapes/carts, you're talking something about the same size, but arguably worth much much more. Not to say we should ignore the issue, but to provide a similar situation which frequently is exploited.
Unfortunately, ain't nuthin gonna change until the cost of doing something is less than the cost of doing nothing.
BankruptThem said:The banks might as well strap your data on the leg of a carrier pigeon, in the form of writings on napkin, and send the pigeon on its way. It's totally unacceptable and ridiculous.
I hope there is a severe and swift market punishment of ABN AMRO/Lasalle Bank for being so stupid.
Also, if any data is used for illegal purposes, the bank should bear full responsibility for restoring ny financial losses that occur, and repairing credit damage.
1. If they could save a buck that way they would. 2. There won't be. And posting the story right before lunch on a Friday just helps to ensure that. 3. Not in this Congress.
edit: FWIW, thanks for using "loses" and not "looses" in your title.
I have mortgage account with them, and if they had notified the incident to their customers,i do not know about it. also to think that they only offer credit monitoring service for 90 days is rediculous, most crimes would occur long after that as we would loose our guard with time span, not in the first few months when the news is still so fresh to us. not long ago ameritrade also lost computer tape and they offered to monitor my credits for a year, i've since checked my accounts closely.
given the inaction of the federal regulatory agencies, is there any chance of starting a class action lawsuit? Perhaps a lawyer can weigh in. The argument would be negligence for using such sloppy mailing systems. Or is using DHL to transfer sensitive data considered industry practice? IF it is, we have a larger problem.
I do backups in my company and our offsite provider picks up the tapes once a month and signs for every single one. The bad thing is that in most cases the data is stored as UNIX tar files, which are like zip files and can be opened with a variety of free programs.
You can encrypt it, but many companies don't do it because it adds to the restore time. If a disaster happens you have people calling you every 5 minutes asking how long is it until data is restored.
1. They waited almost a month to act? 2. They are offering a lousy three months of credit monitoring as a result? 3. How on earth could something this sensitive fall into a garbage can? Did they pile up a bunch of tapes in the back of a truc, loose?
zuttopretear said:I have mortgage account with them, and if they had notified the incident to their customers,i do not know about it
Don't worry, you'll get your letter by New Year's.
also to think that they only offer credit monitoring service for 90 days is rediculous, most crimes would occur long after that as we would loose our guard with time span
Today's thieves are very quick, they can steal 2 million identities in no time at all.
BankruptThem said: 2) I want to know why they are transporting such highly sensitive data (account numbers with social security numbers) in such a casual, sloppy way.
I'm curious what you would suggest as a good way to ship sensitive data. I would not think it to be unreasonable to argue that DHL is more secure than the USPS, but how many people mail tax returns?
ciba said:BankruptThem said: 2) I want to know why they are transporting such highly sensitive data (account numbers with social security numbers) in such a casual, sloppy way.
I'm curious what you would suggest as a good way to ship sensitive data. I would not think it to be unreasonable to argue that DHL is more secure than the USPS, but how many people mail tax returns?
You're joking, right?
Even a 7-11 sends a safe-load of cash by armored car.
We're talking about 2 million account numbers/social security numbers/d.o.b.'s,etc. here.
ciba said:BankruptThem said: 2) I want to know why they are transporting such highly sensitive data (account numbers with social security numbers) in such a casual, sloppy way.
I'm curious what you would suggest as a good way to ship sensitive data. I would not think it to be unreasonable to argue that DHL is more secure than the USPS, but how many people mail tax returns?
USPS Registered Mail
Encrypt the data, if you can't encrypt it then at least put it in packaging that is tamper resistant so you can tell if someone mucked with it in transit.
I've heard that the US Government sends classified info via registered mail, but not 100% sure. DHL is pretty secure since it is supposedly scanned along the way. Backup tapes are not the same as cash, but I'm surprised they don't have pickups by Iron Mountain. They are a huge player in the business.
Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.
