[ISN] FBI checking theft of Dain clients' data

InfoSec News isn at c4i.org
Wed Sep 28 00:48:13 EDT 2005


Thomas Lee
Star Tribune 
September 28, 2005 

The FBI has opened an investigation into the possible theft of
personal information about some clients of RBC Dain Rauscher Inc.

The chief executive of the Minneapolis-based brokerage firm disclosed
the problem in a letter sent to 300,000 households. Dain Rauscher has
not yet detected any fraudulent activity in their accounts, according
to the letter from Dain head John Taft.

"While we have no information to believe that your personal
information has been compromised in any way, we are treating this as a
serious situation," Taft wrote.

FBI agent Paul McCabe said the agency does not know how many accounts
might be affected.

Dan Callahan, a Dain Rauscher spokesman, said some clients have
received anonymous letters sent last week by someone claiming to be a
former Dain employee. The letter, received by a seemingly random group
of more than 100 account holders, contained each recipient's name,
address, tax identification number, birthdate and Dain Rauscher
account number.

The Star Tribune obtained a copy of the profanity-laced letter, whose
author said he was seeking revenge on Dain Rauscher because the
company fired him.

The writer claims to have been able to copy information from
"thousands" of accounts because Dain Rauscher did not remove his
password from a mainframe computer. He claims to have sold the
information to an unidentified buyer.

"It is Dain Rauscher's [mistake] that I did this so blame them," the
letter says. "Call a TV station, ask them to call Dain and find out
how the idiots are going to fix this."

Callahan said the company, which like other brokerage houses has
experienced heavy turnover in recent years, routinely changes
passwords when an employee leaves the firm. Nevertheless, Dain is
reviewing its security procedures and has hired an outside firm that
specializes in identity theft.

"We are a victim, just like our clients," Callahan said. "We take
their protection very seriously."

The company is asking people who receive the letter to contact Dain
immediately. Callahan said that customers should place the letter in a
plastic bag because it might contain fingerprints. The company is
turning the letters over to the FBI.

McCabe declined to comment further except to say that the FBI is
"vigorously" pursuing the case.

The incident is the latest case involving the potential theft of
personal information from financial institutions such as banks and
credit-card companies.

In February, MasterCard International Inc. said a computer hacker may
have accessed personal information of as many as 40 million credit
card holders. And late last year, Wells Fargo & Co. said four laptop
computers were stolen from an Atlanta company that prints loan
statements. The computers contained names, addresses and Social
Security numbers of an undisclosed number of customers who have
mortgages and student loans with the bank.

Copyright 2005 Star Tribune. All rights reserved.

More information about the ISN mailing list