Want CNET to notify you of price drops and the latest stories?

More arrests promised in bank data theft

Scheme that exposed info on hundreds of thousands of customers at BoA and other banks could end in more arrests.

3 min read
At least two more bank employees will probably be arrested in the coming weeks over a scheme to steal data about customers at four major U.S. banks, a New Jersey police detective said on Monday.

Police in Hackensack, N.J., last month had charged nine people, including seven former bank employees, over the possible compromising of hundreds of thousands of accounts at Bank of America, Wachovia, PNC Financial Services Group and Commerce Bancorp.

At least 60,000 Bank of America and 48,000 Wachovia customers were notified that their accounts might be at risk, spokeswomen for the banks said. More bank customers may also have been affected.

"Sifting through the massive amount of computer information is an arduous task," Hackensack Detective Capt. Frank Lomia said. "We believe there were at least 200,000 to 300,000 breaches, based on financial records we have seen on DRL's computers, and the number could be higher."

The police called the scheme an attempt to steal customer account data and sell the information to collection agencies. There is no sign the breached account data was used to open accounts or obtain loans, a practice known as identity theft.

The alleged leader was Orazio Lembo, who advertised his DRL Associates as a company that could supply bank account, balance and employment information to debt collectors, police said. More than 40 collection agencies and law firms bought the data, which DRL obtained from bank employees, police said.

Lomia said police have largely finished the first phase of the investigation, which involved shutting down Lembo's operations and informing banks of the problem.

The second phase involves examining companies that bought the data, according to Lomia. He said Bergen County prosecutors and federal authorities are involved in the matter.

"We expect at least two more banking people to be arrested," Lomia said.

Data breaches
Those charged earlier include four who worked at Commerce and PNC, two at Wachovia and one at Bank of America. Lembo and a New Jersey Department of Labor manager were also charged.

A published report that said data from 10 banks were involved in the breach is incorrect, Lomia said.

It wasn't immediately clear which federal authorities are involved. U.S. Securities and Exchange Commission spokesman John Nester declined to comment. Calls to Bergen County prosecutors and the U.S. Secret Service were not immediately returned.

The theft is the latest in a series of data breaches involving such companies as ChoicePoint and Reed Elsevier's LexisNexis unit.

It marks at least the second large customer security issue for Bank of America this year. In February, the bank said computer tapes containing Social Security numbers and other credit card data for some 1.2 million U.S. government employees, including some U.S. senators, had disappeared.

In the New Jersey case, Bank of America, the No. 2 U.S. bank, is offering free credit monitoring services to affected customers, spokeswoman Alex Liftman said.

Wachovia, the No. 4 bank, is offering one year of free credit monitoring, and has set up a dedicated phone number for customer inquiries, spokeswoman Christy Phillips said.

Both banks are based in Charlotte, N.C.

As of last Thursday, Pittsburgh-based PNC had notified 12 customers of the breach, spokesman Brian Goerke said.

David Flaherty, a spokesman for Cherry Hill, New Jersey-based Commerce, did not immediately return a call for comment.

Story Copyright © 2005 Reuters Limited. All rights reserved.