Two new reports of stolen customer and employees data were released this morning, following last week’s reports of an intensifying federal investigation of a hacker break-in at LexisNexis.
In one case, former bank employees from Bank of America Corp. and Wachovia Corp. allegedly sold customer account numbers and balances to a middleman, who then resold the data to collection agencies, according to the The Wall Street Journal. Apparently, collection agencies use this type of data to expedite collection actions.
The Journal noted that about 10 major banks informed more than 100,000 customers of the theft. At least 500,000 accounts may have been compromised over a four-year period, added the paper, citing police in Hackensack, N.J., who are investigating the theft ring.
Customers in Florida, Georgia, North Carolina, South Carolina, Maryland and Pennsylvania are also at risk. “This is far from over,” Detective Sgt. Jay Alpert told the paper.
Meanwhile, in a second case, a laptop computer containing names and Social Security numbers of about 16,500 current and former MCI employees was stolen from a car parked at the home of an MCI financial analyst. A company spokeswoman told the Journal that the computer was password protected. However, she did not say whether the employee information was encrypted.
MCI officials said they had no reason to believe that any of the information was sold or used by identity thieves, according to the report.
The Journal pointed out that this is not the first case in which a company’s sensitive information was mishandled. It notes that Time Warner Inc. recently admitted that a container holding personal information on about 600,000 current and former employees was lost while being shipped by truck in March.
The two new incidents come on the heals of reports that hackers penetrated the computers at LexisNexis. On Friday, the Journal reported that the Secret Service last week served search warrants on as many as 10 people who may have gained access to the LexisNexis system.
(Editor’s note: A previous version of this story incorrectly referred to hacker break-ins at ChoicePoint and Lexis-Nexis last week. The ChoicePoint incident involved data fraud discovered by the company last October; the LexisNexis hacking incident reportedly occurred in February, although the investigation of the incident is current.)