Countrywide loses personal data in insider scam

Share this article:

A former Countrywide Home Loans employee was one of two California men charged in a scam to steal and sell personal data of customers.

Rene Rebollo Jr. of Pasadena was charged with exceeding authorized access to Countrywide's data, and Wahid Siddiqi of Thousand Oaks was accused of fraud. 

Rebollo are accuse of downloading information of 20,000 customers once a week for two years, then selling the identity batches to a third party for $500.  According to public reports, Countrywide spokesperson Susan Martin said 19,000 customers have been notified that their identities may have compromised.

This was a monitoring breakdown on many levels, Michael Maloof of TriGeo Network Security told on Monday.

“The data access alone is a classic example of what I'd call privileged abuse,” Maloof said. “This gentleman had legitimate reasons to access this data, but not on Sunday and not to download 20,000 records at a time. Simple monitoring should have caught this.”

Maloof also questioned the IT security policy of letting someone use an USB or external storage device, as Rebollo was alleged to use.

“It would be a reasonable use entirely, but at the very least there should be monitoring of the type of information that is being downloaded to external devices,” Maloof said. 

Gartner analyst Avivah Litan told that she is concerned that this type of data theft is more pervasive than is generally realized.

“One company, in this case Countrywide, is getting the headlines,” she said, “but this could be a rampant practice throughout the industry.”


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.