Flutterby™! : Dear Ziffle - we value your relationship...

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

Dear Ziffle - we value your relationship...

2006-05-23 15:16:14.569733+00 by ziffle 6 comments

This morning I received a letter from Wells Fargo Mortgage Company: To wit: "We shipped a COMPUTER and the computer was stolen, It happened to contain your name, address, SS# and Loan Number...."

Anyone else had their data stolen? Why do they ship computers? Why not transmit the data.

They do say the data is double encrypted -- so should I feel safe?

Ziffle

[ related topics: Bay Area Machinery Cryptography ]

comments in ascending chronological order (reverse):

#Comment Re: made: 2006-05-23 15:45:22.570955+00 by: meuon

I'm thinking it's time hard drives/media and systems with data get treated like money, and have them bonded armed couriers deliver them... once upon a time that was Wells Fargo's area of expertise.

Might be a good business opportunity.

Unless it was a server, why was client data on a PC?

#Comment Re: made: 2006-05-23 15:56:48.044978+00 by: Dan Lyke

And there's an economy of scale issue happening here: It's much more profitable for a data thief to go for the big haul. Smaller financial institutions are your friend.

Re: "double encrypted": Yeah, so's this message, I've run it through ROT13[Wiki] twice. In fact, I did that and then ran it through an XOR with my one-time key, twice! Funny that it's still totally readable, hey?

#Comment Re: made: 2006-05-23 16:24:43.186138+00 by: meuon

Dud3! my 3l1t3 haxor $y$t3m aut0-d3krypt3d ur 2x kryp3d kr@p

#Comment Re: made: 2006-05-23 16:44:11.214512+00 by: Dan Lyke

OMFG!!1!!! I G0+ PWn3D!!! LOL!!!!1!11!!!1!!!

The sad part is, except for the suit, that's most likely basically both the mentality and the level of communications used by the Well's Fargo IS guys who allowed procedures that let stuff like this happen.

#Comment Re: made: 2006-05-24 04:55:05.175635+00 by: Larry Burton

Ziffle, I received one of thos letter also. I don't much believe a lot of what they told me about law enforcement wanting them to keep quite about the thieft. What I think happened is that a new hire in the field was shipped a computer by IT. I think IT probably has a policy to preload applications and data on all computers shipped to new hires. The other possibility is that an employee from the field quit and shipped their computer back. It must have been an awful large hard drive to have a large enough database for both of us to be in it.

Like I said, I don't believe much of what they told me.

#Comment Re: made: 2006-05-24 23:32:37.65207+00 by: Dan Lyke

Larry, it sounds like this was the home mortgage division, roughly 2 million customers, no news on how many of those accounts were compromised, but if that's name and address info that could easily be only a few gigabytes of database.