MUST READ: Congress demands answers from Google over Glass privacy concerns

Topic: Banking

Bank of America check card data compromised

Summary: Bank of America says that some of the information from its check cards have been compromised.In a letter to customers--I was one of them--Bank of America said:We have learned that information from certain Bank of America Check Cards may have been compromised.

Larry Dignan

By for Between the Lines |

Bank of America says that some of the information from its check cards have been compromised.

In a letter to customers--I was one of them--Bank of America said:

We have learned that information from certain Bank of America Check Cards may have been compromised. Your Check Card number may have been part of this compromise. To ensure that your privacy is protected to the best of our ability we have taken the following steps:

  • As a measure of added security we have issued you a replacement Bank of America check Card. It is included with this letter.
  • Your old card will be closed within 30-days of this letter.
  • We will monitor activity on your Bank of America account; if we detect any suspicious transactions we will notify you immediately.

From there, Bank of America tells you to activate the new card, check recurring payments and destroy the old card. And last but not least monitor your account.

Bank of America closes with "we understand that some of these steps may pose an inconvenience to you" and the bank says it "is working hard to keep your financial information secure."

I'll call to see how many other card numbers were compromised beyond mine. One annoyance: After you activate your card Bank of America pitches you on a privacy protection service. That's a bit tacky given that Bank of America compromised your data in the first place.

Update: A Bank of America spokeswoman wouldn't put a figure on how many accounts may have been compromised. She did say the following:

This was not a breach of the bank's systems. Sometimes we are notified by the card associations. If a card is compromised at third party we notify the customer and replace the card.

The spokeswoman wouldn't disclose the third party where the breach occurred.

Topics: Banking, Privacy

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

34 comments
Log in or register to join the discussion

  • Sue 'em.

    This is inexcusable.
    bjbrock
    Reply Vote

    • I Agree...

      The Bank needs to know it will cost them more (at least an order of magnitude) not to secure their systems than to secure them, otherwise they will never secure them, they will just eat the lost, while you end up with a ruined credit score along with things like late mortgage payments because you have no money left in the account to pay them.
      mrlinux
      Reply Vote

      • Hold on to your lawyers for a sec.

        I have had a similar situation happen with me that bares a lot of similarity. In my case, it wasn't the bank at fault, it was a merchant issue where the police had notified my bank that my card info may have been compromised at a vendor. If that is the case here, BoA may not have been compromised at all (as they stated), and may not be allowed to name the 3rd party because they don't want to get sued themselves.
        DigitalFrog
        Reply Vote

        • You're correct Frog,

          From experience at a bank, I can tell you 9 of 10 times it is a merchant's network who is breached. (remember the massive wireless breach in 2007) Unfortunately, merchants are not held to near the security standards as banks, and because so deploy technology such as WEP. Hacks know this, and also know response time for this type of incident. From the time they crack a merchants system, the merchant has to figure out who was affected, then notify the card issuer (Shazam, Cirrus, Pulse, etc.), who THEN notifies the bank one of their customers' cards was compromised (who then notifies the customer). Very likely the author's card was compromised 6 months ago or longer. What is needed is increased security on the merchant's end, not banks.
          IAmLegion20ll
          Reply 1 Vote

          • You're correct Frog +1

            I had a similar experience before with a different bank. Likewise, the bank said a merchant had its network compromised, so my data was at risk. So the bank cannot be held responsible for this.
            HtimesH
            Reply Vote

    • EMAIL

      We received an email from our IT staff stating:
      An e-mail that purports to be from 'Bank of America' is being sent to personnel stating "Your card is about to expire" and requesting that all users click on link to "Login here". This e-mail is NOT from Bank of America and should be ignored. This is an attempt by unscrupulous persons to steal account information.
      brown eyed girl
      Reply Vote

  • RE: Bank of America check card data compromised

    i am one of the customers.
    reverseswing
    Reply Vote

    • Me too.

      Was 1800flowers.com one of the merchants the criminals
      used? UPS?

      Incidentally, 1800flowers.com refunded the money on one
      transaction, but fought me on the second transaction. A
      1800flowers.com rep actually called about the first
      transaction (the one that was refunded), which was my first
      indication that my check card had been compromised.
      AFAIK, the resolution of the second charge is still pending.
      How ridiculous is that?
      Marcos El Malo
      Reply Vote

  • RE: Bank of America check card data compromised

    Lovely, I just switched my personal and corporate accounts from Wachovia to BOA and for what? this? great!

    JT
    http://www.Privacy-Center.net
    BlueFootTwo
    Reply Vote

    • So, what was wrong at wachovia?

      Perhaps just their just their well discussed subprime exposure? Recently they have greatly tightened up their lending criteria, and done other measures to shore up their capital. As of now I am of the opinion that they have the situitation in hand.
      pessimist
      Reply Vote

  • RE: Bank of America check card data compromised

    Yea, I presume you all live in a cave, because this isn't the first banking institution whose debit cards or credit cards have been compromised in the last 5 years (Wachovia, Citi, Chase) Nor is it the first time for BAC, and probably, unfortunately, but truthfully, it won't be the last. The silver lining of a compromised debit card: ONLY THE DEBIT CARD IS COMPROMISED, not your personal info (ie SS#) nor actual ACCOUNT numbers, info etc. And the fix is: close the card, reissue card number, done. So calm down...
    bleenk1
    Reply Vote

    • Still a huge PITA

      And BofA procedures don't make it any easier.

      My money was unavailable to me until the transactions
      actually posted, due to the funds being placed on hold by
      merchants used by these cyber criminals. Since this
      occurred on a Friday, I was broke all weekend!

      I should note that this was AFTER the BofA fraud
      department had flagged the transactions and notified me
      my card had been compromised.
      Marcos El Malo
      Reply Vote

      • Wells Fargo at least made it a bit less of a PITA...

        A number of years ago, my card and PIN number were cloned at a gas station I went to. WF called me, informed me that the card was compromised, my bank account was cleaned out by scum and that they were returning the funds to the account but my card would be unavailable until a new one was sent to me. BUT... I could go down to the local branch, get a temporary card and use that until the new card arrived. The only hitch - the temp card, since it lacked any distinguising marks (it was plain white and had Wells Fargo's name on it) it couldn't be used anywhere besides a WF ATM.
        Wolfie2K3
        Reply Vote

      • One practical defense

        Having 2 accounts at different banks seems a bare minimum in todays environment.
        pessimist
        Reply Vote

  • RE: Bank of America check card data compromised

    That is funny!! B of A.... when will they ever learn?
    malbin
    Reply Vote

  • RE: Bank of America check card data compromised

    As I've stated as a reply to other BLOGs: The perps are economic terrorists. Hunt some down and execute them. See how often this crap happens after that.
    wblacroix@...
    Reply Vote

  • According to TFA, BoA's system was not breached

    Anybody taking any bets on whether or not the merchant's system that was compromised used Wireless networking?

    http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=45392&messageID=838312&start=-9958

    Because we all know: Wireless and Retail Do Not Mix! (Right George?)

    -Mike
    SpikeyMike
    Reply Vote

  • New Wells Fargo "benefit"?

    I just received a letter from Wells Fargo telling me that they removed all limits on the amount of money that could be withdrawn using my debit card. In other words, if a thief ever gets my debit card info, they can empty my checking account, my savings account, and even use my "overdraft protection" to leave me owing the bank money!

    I am writing a letter back to the VP of customer service at Wells Fargo telling them I am canceling my accounts because of the gold-plated invitation they are giving to identity thieves. At least with the previous terms, my exposure was limited to $500/day.

    The terrible thing about debit card theft is that 1) Debit cards are not protected by the same rules as credit cards. You are required to PROVE that YOU did not withdraw the money. This proof is often much harder than you think.
    2) Your money is GONE until you can satisfy the bank that you were not at fault. At least with credit cards, when you file a protest the charge is suspended until the matter is resolved. 3) Few states have consumer protection laws covering identity theft and bank fraud. There isn't anyone left at the federal or state level willing to help you out if you have been defrauded or mistreated by a bank.

    I firmly believe what Dave Ramsey has been saying for years: credit and debit cards pose a far greater danger to your personal finances than any perceived "benefit". Buying ANYTHING on plastic other than emergency medical or travel assistance is a huge mistake. Having a debit card with easy access to your account is not a convenience, it is a risk, and a big one.
    terry flores
    Reply Vote

  • RE: Bank of America check card data compromised

    What bothers me the most is the lack of transparency in these breaches. BOA won't name names, so we are at a loss as to what's really going on. I mean, how can we take steps to protect ourselves if we don't have all the facts. Also - poster said his funds were cut off for a weekend - what if he had gotten in some type of real jam and needed cash to get out of it. Too bad for him, I guess. http://whistlersear.wordpress.com
    nellwal@...
    Reply Vote

    • Oh...it ain't just them...

      > "what if he had gotten in some type of real jam"

      When traveling through Canada last fall our MasterCard dropped dead after using it for just short of 2 days. When we actually managed to get a hold of someone at MC they blithly replied "It's a security thing, you didn't tell US you were leaving the country". When we asked they fix it we were told "It's late on a Friday and the person who can authorize that has left for the day, call back on Monday". After the ozone diffused and the thunder subsided, my wife can have a temper at times, the supervisor agreed to turn the card back on. But maybe it wasn't my wife who did it...perhaps they could hear me in the background saying where they could put their card.
      Cardinal_Bill
      Reply Vote
CNET Join | Log In | Privacy | Cookies Close