Countrywide warning: Ex-employee (may have) sold customer, mortgage data

Summary:Countrywide Mortgage has started notifying customers that a rogue employee (since dismissed) may have sold sensitive personal information to an unidentified third party.The company mailed "urgent security notification" letters to customers this week, warning that the customer information involved included names, addresses, social security numbers, mortgage loan numbers and "various other loan and application information.

Countrywide warns about rogue employee selling personal data
Countrywide Mortgage has started notifying customers that a rogue employee (since dismissed) may have sold sensitive personal information to an unidentified third party.

The company mailed "urgent security notification" letters to customers this week, warning that the customer information involved included names, addresses, social security numbers, mortgage loan numbers and "various other loan and application information.

Here's a portion of the letter I received the morning (I'm a Countrywide customer):

countrywide letter on internal sale of customer data

(Click image for larger version)

The company said it will take "necessary precautions" to monitor the mortgage accounts of affected customers and promised to issue notifications "if we detect any suspicious or unauthorized activity related to this incident."

[ SEE: LendingTree insiders leak customer data ]

The Countrywide notification letter comes more than a month after the FBI arrested two men -- on a former Countrywide employee -- on charges related to a scheme to steal and sell sensitive personal information, including Social Security numbers, of as many as 2 million mortgage applicants.

The insider was identified as Rene L. Rebollo Jr., 36, who had worked as a senior financial analyst at Full Spectrum Lending, Countrywide's subprime lending division. He was arrested at his home in Pasadena and charged with unauthorized access to a financial institution's computers.

In an affidavit filed in federal court, the FBI said Rebollo had voluntarily described the scheme. Rebollo said he would charge $400 or $500 for batches of thousands of "leads" -- personal and account information that presumably would help outside loan agents solicit new mortgages from the Countrywide applicants, some of whom had been denied loans by the Calabasas company.

Authorities said they didn't know whether any of the information had been used for outright fraud, such as identity theft.

Rebollo would copy information on about 20,000 customers at a time on Sunday nights by using a Full Spectrum computer that did not have the same security features that other machines in the office had, according to the affidavit by FBI Special Agent Richard P. Ryan.

At that rate, the U.S. attorney's office said, Rebollo would have compromised up to 2 million customer profiles for about 2.5 cents each -- an astonishingly small amount considering the importance of the material. Mortgage leads are among the most expensive for sale because of the potential payoffs to intermediaries when loans are made.

Earlier this year, LendingTree had a similar internal problem with the sale of customer data to third parties.

Topics: Government : US, Banking, Enterprise Software, Government

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.