Cybersecurity and Wells Fargo

Wells Fargo has a bad day

Charles Parker, II

Wells Fargo is a large international bank. They have over 70M customers worldwide and operate in 35 countries. As with most banks, they have all the usual services (e.g., checking and saving accounts, CDs, residential mortgages, and the other offerings). There are also employees you see all through the branches and the ones you don’t see in administrative roles doing payroll, accounting, compliance, and the many other roles.

Banks collect a mass amount of data on their customers. Every time your check clears, you take money out of the ATM, login to check your balance, move money around, etc., the transaction is recorded. In this age of agencies collecting every piece of data and saving these in massive above- and below-ground data centers, this shouldn’t be a surprise.

As they collect this day after day, month after month, year after year, the bank continues to be stewards of your data. They are responsible for your data. The bank and its staff must comply with state and federal laws and not just whatever they feel like. Earlier this year a Wells Fargo staff member decided to do something odd. An employee decided to send bank customer data (e.g., names and mortgage account numbers) to his personal email account. The bank is unsure how long the employee had access to the data, but they know the employee did this for two customers. After this was found, the employee was no longer working at the bank.

There are a few areas that did not appear to go correctly for the bank. The bank may not have had an adequate system in place to allow access to certain areas in the network where sensitive data resides. Perhaps the ACL procedure needs to be updated.

What went as planned was the DLP. The published account infers the bank’s DLP tool worked and picked up the activity. If the staff member did this once and was caught, there may have been other times when the acts were not.

About the Author-

Charles Parker II has been working in the info sec field for over a decade, in the banking, medical, automotive, and staffing industries. Charles has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.