Second time a Wells Fargo computer stolen in 90 days
By PATRICK CROWLEY
4/20/2004

For the second time in less than four months, a computer containing confidential information about thousands of Wells Fargo Home Mortgage customers has been stolen.

The latest theft occurred in late February near St. Louis when a rental car driven by Wells Fargo employees was stolen from a convenience store, a company spokesman has confirmed. A laptop computer with confidential customer information that included customers' names, addresses and Social Security numbers was in the trunk.

Wells Fargo customers were informed in a March 22 letter from the company.

The computer has not been recovered, Wells Fargo spokesman Alejandro Hernandez said in a phone interview.

Police in Edmundson, MO, are investigating, Hernandez said.

The letter was sent because the company wanted to "contact customers in a proactive manner," Hernandez said.

Wells Fargo has no evidence that any of the information has been used, he said.

"We apologize for any anxiety this has caused," Hernandez said.

Hernandez would not reveal the number of names on the computer but said it is in the thousands. The car was recovered but not the computer.

"Confidential loan information was stored on the computer's hard drive," the letter says, "however, no passwords or personal identification numbers (PIN) were included on the files."

Wells Fargo is offering affected customers a free year's membership in a credit monitoring service called Identity Guard CreditProtectX3. The service monitors major credit reporting agencies "and notifies you whenever there are selected changes to your credit bureau file(s)," Wells Fargo says in the company letter.

"We are taking precautionary steps" against identity theft, Hernandez said.

In November, a computer containing similar information about Wells Fargo customers was stolen from the California office of consultant working for the company. It was recovered and an arrest was made.

Computer security experts say there are precautions that can be taken against identity theft.

One of the best approaches is using a multi-character password, said David Hatter, the president of Libertas Technologies in Covington, Ky., a computer consulting firm.

"Passwords can be easily overcome, and it is true that passwords won't stop a determined experienced identity thief," said Hatter, the author of 11 books on computer applications and systems.

"However, strong passwords -- at least eight characters that are a mixture of letters, numbers, and special characters like # or @ -- are hard to crack," he said. "They will block the casual hacker and make it much more difficult and time consuming to get to data."

Hatter also suggests using phony user names to further deter hackers.

"Rather than using my real name for a user name, I typically use the name of key characters from my favorite books," he said, "assuming that is allowed by the system administrators of the system in question.

"Someone must guess the user name I have selected as well as my password" to hack the files, he said.

But Hatter said the "ultimate" in data security is encryption, which scrambles data so that only authorized users with the appropriate encryption keys can read the data.

"In this case, even if a hard disk is stolen, if would be rendered useless in another computer," he said.

Windows 2000, XP and 2003 has Encrypting File System (EFS) that allow users to encrypt data stored on a disk, Hatter said.

Article © MortgageDaily.com All Rights Reserved