Although it seems to have flown under the mainstream media radar, Wells Fargo reported at least two breaches involving insider wrongdoing in a six-month period.
On November 12, 2009, its subsidiary, Wells Fargo Advisors (WFA) advised the New York State Consumer Protection Board that when a stock broker for Wachovia Security left the firm in June 2008, he took with him the personal information on 1,023 New York residents. Wachovia Security is WFA’s predecessor. According to the notification by Peter L. McCorkell, Senior Company Counsel, WFA only learned of the breach “recently.” The information removed included clients’ names, addresses, Social Security numbers, and brokerage accounts numbers. The employee presumably took the information to use in his new employment.
On April 22, 2010, Wells Fargo again notified the New York State Consumer Protection Board of a breach involving insider wrong doing. According to the letter signed by Brian N. Gentry, Counsel, Wells Fargo was notified by law enforcement that documents containing clients’ names, dates of birth, Social Security numbers, and mortgage loan account numbers were recovered by police during the execution of a search warrant at a former Wells Fargo team member’s home. Five New York State residents were notified of the breach and offered some free credit monitoring services and assistance. “We have taken appropriate action against this individual,” Gentry wrote to NYS. One New Hampshire resident was also notified of the breach, as was one Maryland resident.
Wells Fargo declined to provide additional information on these breaches in terms of the total number of individuals affected by each incident and other details of the breaches, citing company policy “to provide specific information relating to the breach to only those entities as prescribed by law.” The spokesperson did confirm, however, that the two breaches were unrelated and stated that there has been no indication of misuse of the data from either breach.
These latest incidents were not the first nor last instances of reported insider wrongdoing at Wells Fargo. In May 2008, the firm notified New Hampshire that an employee had misused a customer’s account information. In August 2009, a bank call center employee was arrested for accessing customer accounts and removing money to pay her own bills. And last week, a customer sued Wells Fargo and one of its employees, alleging that a customer service representative named Michael in Wells Fargo’s Home Mortgage division had demanded “phone fun” with him as a prerequisite for correcting an error in her account. In a statement e-mailed to the Huffington Post, a spokesperson said the bank “takes the allegations seriously and will investigate and respond appropriately.”
Update: I forgot to link to the reports from NYS that I uploaded to this site for the Nov 2009 and April 2010 notifications. You can find them here.