Financial records of nearly 700,000 customers who used four major banks may have been stolen by bank employees and sold to collection agencies, officials said Monday.
According to the U.S. Department of the Treasury, the crime is believed to be the largest breach of banking security in the U.S.
The bank employees accessed records for customers of Commerce Bank of Cherry Hill, N.J., PNC Bank of Pittsburgh, and Charlotte-based banks Wachovia and Bank of America, according to Ken Zisa, police chief in Hackensack, N.J., where the investigation was centered.
More than 100,000 customers of Wachovia Corp. and Bank of America Corp. have been notified of the problem. So far, Bank of America has alerted about 60,000 customers whose names were included on computer disks discovered by police.
"We are trying to communicate with our customers as promptly as possible," Bank of America spokeswoman Alex Liftman said Monday. "So far we have no evidence that any of our customer information has been used for account fraud or identity theft."
Wachovia said it has identified 48,000 current and former account holders whose accounts may have been breached.
"The numbers have increased as we continue to receive additional names from police," Wachovia spokeswoman Christy Phillips said Monday.
The bank record theft was exposed April 28 when police in Hackensack charged nine people, including seven bank workers, in an alleged plot to steal financial records of thousands of bank customers.
Repeated calls seeking comment were not returned by Commerce Bank officials.
PNC officials declined to estimate how many of their customers' accounts may have been breached. New Jersey authorities found 12 names and Social Security numbers belonging to PNC customers, but the bank found no suspicious activity in the accounts.
Authorities said they discovered the plot in February after searching the Hackensack apartment of collection agent Orazio Lembo Jr. as part of a separate investigation.
Lembo, 35, received lists of people sought for debt collection and turned that information over to the seven bank workers, who would compare those names to their client lists. The bank workers were paid $10 for each account they turned over to Lembo, Zisa said.
The suspects pulled up the account data while working inside their banks, then printed out screen captures of the information or wrote it out by hand, Hackensack Det. Capt. Frank Lomia told ComputerWorld. The suspects then manually built a database of the accounts.
Continued scrutiny of computer discs seized from Lembo's offices has yielded more names. Investigators have now identified nearly 700,000 potential victims, Lomia said.
"In law enforcement, computers are our best friends," Lomia told ComputerWorld. "They leave a [data] trail. Now it's all in one neat place and it gives the forensic computer specialists so much information. This guy was real good at saving everything, and we appreciate that."