Wells Fargo Customer Data Breached – How Did Cyber-Criminals Get The Access Codes? – Why No Strong Authentication? - Privacy and Identity Theft

Wells Fargo Customer Data Breached – How Did Cyber-Criminals Get The Access Codes? – Why No Strong Authentication?

Cyber criminals somehow acquired Wells Fargo “access codes” to consumer credit bureau MicroBilt, and logged in and mined the personal data of thousands of individuals. Information accessed included names, social security numbers and addresses.

Here is a link to a notification letter that was sent to the New Hampshire Attorney General on July 31, 2008. What’s ironic is that MicroBilt sells consumer “red flag” identity theft detection services.

One wonders how these “access codes” (I assume this means passwords) were obtained by non-Wells Fargo employees. Could there have been a spear-phishing campaign into the bank to get these access codes? Could there be malware on some Wells Fargo internal computers that is keylogging passwords?

This also highlights the continued need for strong 2-factor authentication to networks and websites. As the world goes more to Software As A Service (SaaS), an increasing number of web services will be hosting critical customer data.

This entry was posted on Wednesday, August 13th, 2008 at 1:04 pm and is filed under ID Theft, eCrime. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Wells Fargo Customer Data Breached – How Did Cyber-Criminals Get The Access Codes? – Why No Strong Authentication?”

Idenity Theft Says:
August 15th, 2008 at 9:25 am
Our lives and all our data are in the hands of so many different companies is it scary. There is nothing we can do to guarantee our personal data will not be stolen.

Leave a Reply