[gnso-acc-sgb] Banks as third party Whois accessors?

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

All sgb members,

And here are only a few more examples of why banks as a sector
are a very pecarious choice as third party Whois accessors.

JP Morgan Backup Tape Lost, Paper Documents Exposed
(May 1, 2007)
A backup tape containing personally identifiable information of JP
Morgan Chase customers and employees disappeared either while en route
to or after arriving at an off-site facility. The tape holds account
information and SSNs. The number of accounts affected is estimated to
be 47,000. In a separate incident, JP Morgan Chase is investigating
claims that documents containing client data were left in trash bags
outside their offices in the New York City Area.
http://www.financialnews-us.com/?page=ushome&contentid=2347681605
A video on YouTube allegedly is showing the
discarded documents http://www.youtube.com/v/G_8xRnzQqME]

UK Consumers Down on Data Security
(April 17, 2007)
A survey of 1,200 UK consumers found that more than half are reluctant
to shop at businesses, both online and brick-and-mortar, that have
experienced security beaches.  Forty-five percent do not believe banks
and retailers are taking adequate measures to safeguard customer data.
Over all, 14 percent of respondents said they had been victims of data
theft.  One third of the respondents did not offer personal information
online, yet 11 percent of them had still experienced identity fraud.
Eighty percent of the respondents said they would expect to receive
immediate notification in the event of a breach.  Ipsos MORI conducted
the survey on behalf of Secerno.
http://www.theregister.co.uk/2007/04/17/data_breach_survey/print.html
http://news.bbc.co.uk/2/hi/technology/6559509.stm
http://software.silicon.com/security/0,39024655,39166773,00.htm
http://www.vnunet.com/vnunet/news/2188012/uk-consumers-distrust-security



Stolen Bank of America Laptop Holds Employee Data
(April 13, 2007)
A laptop computer stolen from a Bank of America (BofA) employee holds
personally identifiable information of an unspecified number of current
and former BofA employees.  Compromised data include names, addresses,
dates of birth and Social Security numbers (SSNs).  BofA has sent
letters to individuals whose data were compromised; the letter says
there is no indication the information has been misused and offers
recipients two years of free credit monitoring.  Limited information has

been made available regarding the circumstances of the theft because it
is under investigation.
http://charlotte.com/123/story/83747.html

(April 3, 2007)
Netherlands-based bank ABN Amro is compensating four online banking
customers who lost funds in a man-in-the-middle attack while using
two-factor authentication.  The victims received phishing emails with
attachments; when the attachments were opened, they installed malware
on the computers, so the next time the users tried to conduct banking
business online, they were redirected to a spoofed site where attackers
used their temporary, token-supplied passwords to withdraw funds from
their accounts.
http://www.computerweekly.com/Articles/2007/04/03/222857/abn-pays-out-over-hacked-accounts.htm

Bank Glitch Exposes Information on 75,000 Accounts
(30 January 2007)
Halifax Bank of Scotland has launched an investigation into a glitch
that resulted in one customer, who had requested her own statement,
receiving account and transaction information of 75,000 other account
holders.  The woman received five packages in the mail.  The bank was
unaware of the problem until the customer returned the documents.

http://www.thisisnorthscotland.co.uk/displayNode.jsp?nodeId=149664&command=displayContent&sourceNode=149490&contentPK=16523463&folderPk=85696&pNodeId=149221

Oh and I have about 200 more of similar incidents...

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827