Wednesday, January 28, 2009
ID Theft Settlement - $20 Million
A data analyst from the Department of Veterans Affairs took home a laptop and an external hard drive without permission. The external drive had names, birth dates, and Social Security numbers of more than 26 million veterans. It was stolen in a burglary. It took the VA three weeks to notify the veterans that may be ID theft victims as a result of this theft.
Five veterans groups sued and a settlement was recently reached. It must still be approved by the court, but the U.S. Treasury will pay $20 million to the veterans affected.
Under the proposed terms a veteran who demonstrates that they were harmed by this data breach will receive between $75 and $1,500. Any funds remaining after a designated period of time will be donated to approved veterans charities.
Under the lessons learned, banks must have reaction plans to expedite responses to data breaches. The cause of a data breach could be a penetration of a system, the loss or theft of a laptop or drive (including thumb drives) or some vendors system you had no control over. TJX and Heartland are examples of this. You must be prepared for a multitude of security issues to avoid settlements such as this.
A data analyst from the Department of Veterans Affairs took home a laptop and an external hard drive without permission. The external drive had names, birth dates, and Social Security numbers of more than 26 million veterans. It was stolen in a burglary. It took the VA three weeks to notify the veterans that may be ID theft victims as a result of this theft.
Five veterans groups sued and a settlement was recently reached. It must still be approved by the court, but the U.S. Treasury will pay $20 million to the veterans affected.
Under the proposed terms a veteran who demonstrates that they were harmed by this data breach will receive between $75 and $1,500. Any funds remaining after a designated period of time will be donated to approved veterans charities.
Under the lessons learned, banks must have reaction plans to expedite responses to data breaches. The cause of a data breach could be a penetration of a system, the loss or theft of a laptop or drive (including thumb drives) or some vendors system you had no control over. TJX and Heartland are examples of this. You must be prepared for a multitude of security issues to avoid settlements such as this.
Friday, January 02, 2009
Kidnapping and Bank Robbery, Like a Hollywood Movie
On a Friday night, Yosef Tadele, Yohannes T. Surafel and a yet to be identified man, went to the Clinton, MD, home of an assistant branch manager for Suntrust Bank. They held her, her husband, and their two young children hostage. On Saturday morning, the family and Surafel were in the family's car driving to the bank where they expected her to remove cash from the vault.
James Spruill, the husband, was driving the car on Saturday. He saw a Maryland State Trooper in his rear view mirror. Spruill began to swerve in and out of traffic and was pulled over. He gave his bank card to the trooper when asked for his licence. This was to draw attention that there was a problem. Spruill then took advantage of the distraction and jumped in the back seat, pinning Surafel's hands and telling the trooper there was a gun. Surafel was arrested. Reportedly, Tadele and the third man were following the Spruill family car and drove past during the traffic stop. While in jail, Surafel attempted to hang himself.
Tadele was subsequently arrested. The police are following leads to find the third perpetrator.
While this may sound like a variation on the Harrison Ford move, Firewall, it isn't unique. Last September a PNC bank manager and her two young children were abducted and forced to withdraw $169,000 from her bank. Four were arrested in that case.
This is a good time for Security Officers to review procedures with branch staff and all officers. Following different routes to and from work, having duress codes and knowing that the money is worth less than a life are details the bank should discuss.
On a Friday night, Yosef Tadele, Yohannes T. Surafel and a yet to be identified man, went to the Clinton, MD, home of an assistant branch manager for Suntrust Bank. They held her, her husband, and their two young children hostage. On Saturday morning, the family and Surafel were in the family's car driving to the bank where they expected her to remove cash from the vault.
James Spruill, the husband, was driving the car on Saturday. He saw a Maryland State Trooper in his rear view mirror. Spruill began to swerve in and out of traffic and was pulled over. He gave his bank card to the trooper when asked for his licence. This was to draw attention that there was a problem. Spruill then took advantage of the distraction and jumped in the back seat, pinning Surafel's hands and telling the trooper there was a gun. Surafel was arrested. Reportedly, Tadele and the third man were following the Spruill family car and drove past during the traffic stop. While in jail, Surafel attempted to hang himself.
Tadele was subsequently arrested. The police are following leads to find the third perpetrator.
While this may sound like a variation on the Harrison Ford move, Firewall, it isn't unique. Last September a PNC bank manager and her two young children were abducted and forced to withdraw $169,000 from her bank. Four were arrested in that case.
This is a good time for Security Officers to review procedures with branch staff and all officers. Following different routes to and from work, having duress codes and knowing that the money is worth less than a life are details the bank should discuss.
