DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

19 more financial sector breaches from 2009

Posted on February 27, 2010 by Dissent

Maryland has updated its web site to provide breach notifications that it has received since its last update.  The newly posted notifications are for the period ending December 31, 2009, so there will likely be more to come for 2010.

Some of the breaches described in the notifications were reported in the media at the time,  but I spotted a number from the banking/credit/financial sector that had not been reported in the media or on this site at the time.  So here is a brief roundup on another 19 breaches from this sector last year:

  • Ally Bank reported that a former employee had stolen information, including SSN, of two Maryland residents.  This notification was not made publicly available.
  • Ameriprise Financial reported three breaches. In the first, an unnamed third party mailing vendor lost a client’s paperwork containing personal and financial account information. In the second report, Ameriprise Financial reported that they believe that a named former employee had sensitive customer information in his possession and that they were trying to retrieve it through legal processes. In the third incident, Ameriprise Financial reported that client data for two individuals had been mailed to a third client in error.
  • Assurity Financial Services reported unauthorized use of their database, affecting 487 clients.  In a letter to those affected, Assurity writes: This unauthorized individual used customer information to either apply for payday loans or to setup bank accounts to accept the funds from the payday loan.”
  • BB&T Financial, FSB reported a stolen laptop contained names, addresses, and SSN of two Maryland residents, but that notification is not available on the site at this time.
  • BlackRock reported that a third party delivered CDs containing personal shareholder information to another financial institution client in December 2008.   At least a few of that client’s employees accessed the data.  The client realized the mistake, secured the CDs,  purged the data from their system, and returned the CDs to the third party.  They also provided an affidavit that none of the data had been copied, printed, used, or further disseminated.  Under the circumstances, BlackRock determined that this was not a reportable breach but decided to notify anyway.
  • Erisa Pension Systems reported that 330 participants of the First NLC Financial Services, LLC (401)K Plan had their personal and pension information disclosed in an email attachment  sent to to all 330 participants.
  • Evan  Capital Management reported, on behalf of Weatherlow Fund I L.P. that Citco (Canada), the fund’s administrative services provider, had mailed one investor’s Schedule K-1 to another investor by mistake.
  • Experian reported in December that “consumer information was recently accessed online after methods to authenticate their identity were completed successfully by unknown individuals.”   In July, and as previously reported here, they had reported a similar incident, and in February, there had been another incident involving an Experian client accessing consumer data without authorization.
  • GMAC Bank reported that its vendor eLynx made a change in its system. As a result of the software error, the vendor misdelivered document packages to Ally and GMAC customers, resulting in a third party viewing at least some customer’s personal information that included SSN, financial information, and other personal information.  In a second incident,  GMAC Mortgage reported that following a systems change, two individuals were improperly allowed to access mortgage information on two customers.
  • M&T Bank reported that a courier carrying work for a Baltimore branch was robbed.  In the courier’s bag were customers’ checks.
  • Accounting firm Moses, Phillips, Young, Brannon, and Henninger reported that a backup device was stolen by “an opportunistic criminal while in transit.”   Well, that is what the letter to those affected said.  In a cover email to the state, the firm more bluntly stated that the device was stolen from a car.   None of the correspondence, however, indicates precisely what types of client information were on the storage device.
  • The Partnership Federal Credit Union reported that an internal data file had been discovered on a computer outside of the secured network, potentially exposing personal and financial information. The file had been inadvertently left on a computer that was no longer in use.
  • TD Bank, N.A. and T.D. Wealth Management Services reported that a laptop stolen from the office of the Securities and Exchange Commission in Philadelphia contained customer account information, names, and Social Security numbers.  Although the data were encrypted, “it is possible that security access information may also have been stolen with the computer.”  TD was notified of the burglary on June 15, but did not send notices to affected customers until August 31.
  • Telhio Credit Union in Ohio reported that a former employee had downloaded a report with customer personal and financial information before leaving his employment.   The credit union believed that his purpose was to be able to contact his prior clients in furtherance of his career.
  • Virgin Money USA reported that a former employee had accessed personal and financial information from those researching mortgages. Virgin Money believes that the employee’s intention was to generate business for himself and his new employer. Virgin Money had the computers seized, reported the matter to law enforcement, and notified the new employer, who terminated the employee. It is not clear, however, from the notification whether the employee accessed the information while still in Virgin Money’s employ or if he was still able to access information after his termination.
  • Wells Fargo reported that backup hard drive used by its subsidiary Wachovia Dealer Services was stolen from Wachovia’s unnamed law firm’s office.  Data from 953 Maryland residents were on the drive.



Category: Breach IncidentsFinancial SectorOf Note

Post navigation

← 21 more business sector breaches from 2009 (update 2)
Arkansas Guard alerting soldiers of data loss →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.