by: Sonny Zulhuda
In my last post I made note about why banks should or must care to protect the personal data with them. In this post I just want to put that note in real perspective, learning from real cases and incidents involving major banks in the world.
First, it was reported that Citigroup breach exposed data on 210,000 customers (here for the full report)
Citigroup admitted Wednesday (June 8th, 2011) that an attack on its website allo
wed hackers to view customers’ names, account numbers and contact information such as email addresses for about 210,000 of its cardholders in North America. Although hackers may have not gained complete information on cardholders, the contact information is enough for scammers to try and elicit more information through targeted attacks. The email addresses, for example, could be used to send “phishing” messages asking for other sensitive information which could potentially give identity thieves enough to start committing fraud.
Second, you’ll see how Data breaches lead to massive fines for three HSBC firms (here for the report)
Three HSBC firms have been fined more than £3 million by the Financial Services Authority (FSA) for failing to secure customer data. The FSA claimed the three firms sent large amounts of unencrypted data – often on discs sent via the post – and staff were untrained on the issue of identity theft. The FSA said that, in April 2007, HSBC Acutaries lost a floppy disk in the post that contained 1,917 pension numbers and addresses. And, in February 2008, HSBC Life lost an unencrypted disk holding data on 180,000 policy holders – also in the post.
Next, the big boys in British bank industry were forced to probe for possible data theft in their outsourcing centres (read it here)
Bloomberg reported that HSBC Holdings Plc, Barclays Plc, and Lloyds TSB Group Plc are investigating claims that customer account details may have been sold by a former call center worker in India to an undercover reporter amid a probe by London police. The breach highlights risks to data as Internet commerce and computer processing increase the amount of customer information exchanged between companies and countries. Visa International Inc. and MasterCard International Inc., the biggest credit-card brands, last week said the FBI was probing a breach that exposed 40 million cards to fraud in what may be the largest such case on record. Working undercover, the Sun reporter was able to buy account details of 1,000 Britons from a former call center worker for $5,000, the newspaper said. The former employee also offered to sell details of mortgages and medical bills.
Last, but not least, the Malaysian story too (get the report here)
Malaysian bank customers have lost RM4mil through phishing (identity fraud) within the first three months of the year alone. There were 457 cases recorded in the first quarter of the year, exceeding the 353 reported for the whole of last year where the victims lost a total of RM1.2mil. In 2009, only 75 cases were reported with total losses of around RM215,000. Federal Commercial Crime Investigations Department director Commissioner Datuk Syed Ismail Syed Azizan said the number of cases reported this year had reached a record high with authorities and the banking industry being almost powerless to curb it.