LaSalle Bank, 2 million mortgagees, SSNs, acct #s, "lost" tape
From Crain’s Chicago Business:
LaSalle Bank Corp. says a computer tape bearing confidential information on about 2 million residential mortgage customers disappeared last month as it was being transported to a consumer credit company in Texas.
The Chicago bank has alerted law enforcement authorities and is also monitoring transactions closely to detect any unusual or fraudulent activity affecting its customers. The tape contained customers’ names, account numbers, payment histories and Social Security information.
A package containing the tape disappeared sometime after Nov. 18, when it was picked up by DHL from LaSalle’s data center in Chicago. It never arrived at its intended destination: an Experian credit bureau office in Allen, Texas.
This latest data loss bears a remarkable similarity to one suffered by Citigroup, which Adam reported on in June.
The Citi incident, claims Stephen Spoonamore, was an inside job involving 15-20 people. This claim has been picked up by Bruce Schneier, and will now garner much infosec community attention.
If Spoonamore is correct, and I hasten to add that his assertions appear in a trade mag and are not sourced or corroborated, the LaSalle Bank incident becomes even more interesting, since very similar unencrypted data just happen to have been on their way from a large bank to Experian’s data center in Allen, Texas, and just happen to have gone missing.
If there is foul play in the LaSalle incident, then either the conspiracy is broader than heretofore suspected, since LaSalle shipped via DHL, whereas Citigroup used UPS, or the shipping firms are not to blame (since they differ across cases), or we have more than one group of bad actors at work here. None of the above is particularly good news for any of the jillion or so people who have a loan in the U.S.
Since the “if” in the preceding paragraph is a rather big one, I’d like to see Spoonamore’s assertion concerning the fact pattern subjected to a good deal of scrutiny. If it holds water, now that LaSalle has been hit, this gets very, very interesting.
I sure hope Rudolph is getting plenty of sleep, because when Santa visits Allen, Texas it seems that some extra care will be needed to ensure that the presents actually show up.
December 19 Update: Bob Sullivan notices the similarity between this and the Citibank incident, too. Now start making calls, Bob. I bet Spoonamore’s number is listed. :^)
A quick note — LaSalle Bank is a subsidiary of ABN Amro. Since the latter is better known outside of Chicago, reports elsewhere may use the ABN Amro name.