From: security curmudgeon (jerichoattrition.org)
Date: Thu Apr 08 2010 - 02:18:47 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Original incident:
http://datalossdb.org/incidents/1073-employee-sells-customer-list-exposing-names-and-social-security-numbers

---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>

http://www.darkreading.com/database_security/security/privacy/showArticle.jhtml?articleID=224201969

By Tim Wilson
DarkReading
April 07, 2010

Customers of Countrywide Financial have filed a class-action lawsuit over
the 2008 data breach that enabled company insiders to steal and sell their
personal information.

According to a Courthouse News Service report, the class-action lawsuit on
behalf of 16 plaintiffs seeks $20 million in damages, plus punitive
damages.

The data theft, originally attributed to a single employee working over a
two-year-period, exposed tens of thousands of customer records.

The lawsuit alleges that Countrywide Financial employees stole and sold
"tens of thousands, or millions" of customers' personal financial
information, according to the news report.

The suit claims the defendants do not dispute that customers' private
financial information was disseminated. It seeks to find out "whether the
dissemination was intended as a plan or scheme, or was intentional; [and]
whether any of the defendants was simply aiding and abetting, rather than
an architect of the plan to disseminate the personal information."

[...]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]