Bank of America recently began informing its customers of a severe data protection failure that may have cost the company more than $10 million in losses.
According to recent reports from IDG News Service and the Los Angeles Times, a former bank employee had provided customer information to a "loosely affiliated criminal gang," which used the data to steal money from approximately 300 Bank of America customers.
Though more than 90 members of the criminal organization were arrested in February, the bank only recently admitted to the breach, which may have exposed such customer information as names, addresses, Social Security numbers, bank account numbers, driver's license numbers, PINs, account balances and more.
According to reports, one victim, Andrew Goldstein, lost as much as $20,000 from the security breach. Scammers used Goldstein's information to order checks from Bank of America, which were then cashed "everywhere from Hollywood to Las Vegas within a matter of hours," the Los Angeles Times' David Lazarus wrote.
The scammers also accessed Goldstein's Verizon account to have all calls forwarded to their mobile phones. This, Lazarus noted, would have prevented the bank from contacting Goldstein about any suspicious activity.
Bank of America has reportedly offered to reimburse all the fraud victims and will provide two years of credit monitoring free of charge. However, as in Goldstein's case, the incident has severely damaged customer trust in the bank.
"I go online and check my accounts two or three times a day," Goldstein told Lazarus. "It's not like before."
Insider data breaches are among the most damaging – and often the most difficult to prevent – types of threats facing businesses. According to Verizon's recent Data Breach Investigations Report, 17 percent of all data breaches in 2010 involved company insiders.