BofA and DoD Security SNAFU: Info on 1.2 Customers Lost by Bank
Bank Loses Tapes of Records of 1.2 Million With Visa Cards
Bank of America said yesterday that it had lost computer backup tapes containing personal information about 1.2 million federal employees, including some senators, with Visa charge cards issued by the bank.
A spokeswoman for Bank of America, Alexandra Trower, said the bank did not believe that the information had been stolen or had fallen into the hands of people using it to commit fraud. There has been no suspicious activity on any of the affected accounts, she said.
The cards were issued to government employees who need to travel or make purchases on government business. About 900,000 of the cardholders are employees of the Defense Department. Senator Patrick J. Leahy, Democrat of Vermont, was one of the cardholders.
The bank sent letters yesterday to those whose data was on the lost tapes, providing a telephone number for questions or problems. The bank said it did not think it needed to change those account numbers.
Ms. Trower declined to provide many details about the incident, citing security concerns. She said that the tapes were part of a shipment in late December from a bank facility to another location meant to house backups. A few days after the shipment arrived, the bank discovered that a small number of the tapes were missing. The bank then notified the Secret Service, which has legal responsibility for credit card theft.
The investigation so far has turned up no evidence of wrongdoing and is consistent with the view that the tapes were simply lost in transit.
“We are presuming it’s not malicious activity,” said Barbara J. Desoer, the bank’s chief technology, service and fulfillment executive.
The bank notified the General Services Administration of the lost tapes on Jan. 11, said Mary Alice Johnson, a spokeswoman for the agency, which administers the government’s charge card program, known as Smart Pay. Several banks issue cards for federal agencies under that program.
Ms. Johnson said the bank had “behaved as a good citizen.”
The incident comes at a time of increasing attention to the risks to people when information about them held in corporate databases falls into the wrong hands.
Choicepoint, a company that sells personal data to landlords and employers, said last month that it had inadvertently sold personal data on 145,000 people to thieves last year. The information was used to steal the identities of at least 750 people.