Security Breaches Abound: Honda Canada, Commonwealth Bank of Australia & Bank of America

It continues to be a busy week in the realm of IT security. Late this afternoon, ComputerWorld reported that Honda Canada was notifying 280,000 of its customers that personal information including their "names, addresses, vehicle identification numbers, and in the case of a small number of customers, their Honda Financial Services account numbers," had apparently been compromised by a hacking attack. However, their Social Security numbers, driver's license information, birth dates, phone numbers and credit card numbers were not accessed.

ComputerWorld reported that Honda had discovered the breach in late February, but only began notifying its customers earlier this month. Honda's missive to its customers told them to beware phishing campaigns that might use their Honda-related information.

There was no explanation as to why Honda took so long to let its customers know about the breach. I suspect the Canadian privacy commissioner will be asking for such an explanation very soon.

Then late this evening, the Sydney Morning-Herald reported that at least 8,000 customers of Commonwealth Bank of Australia (CBA) had their MasterCard and Visa credit cards immediately canceled as result of a data breach being uncovered at an as of yet unnamed merchant. The breach caused a smaller number of customers of Westpac Bank and its St. George's Bank subsidiary to have their credit cards canceled as well.

The Morning-Herald stated that the breach was discovered "through an Australian merchant acquired by another bank." No further details were given about this cryptic explanation.

Risk Factor readers may remember that CBA has been plagued with banking problems the past year (see here, here and here, for instance).

Then there was news earlier this week that an employee of Bank of America leaked confidential information to a loosely-organized gang of check scammers, 95 of which have been arrested by the US Secret Service so far. The employee provided the scammers with customers' full banking record, including "names, addresses, Social Security numbers, phone numbers, bank account numbers, driver's license numbers, birth dates, email addresses, mother's maiden names, PINs and account balances," the LA Times reported Tuesday.

The Times article says that the BoA employee leaked customer information as far back as at least last September. The employee and the others were arrested in February, but apparently the bank has only recently begun to notify the affected customers of the fraud. BoA and the Secret Service are saying little about the incident, saying that the investigation is still on-going.

The Times says that at least $10 million was stolen in the scheme.

Advertisement

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 
Advertisement