This incident has 0 proposed changes. Know of details that have changed? Submit them Showing Incident 1073

SUMMARY

Employee sells customer list, exposing names and Social Security numbers.
Records	2,466,378
Record Types	SSN NAA
Breach Type	Fraud Se
Data Family	Unknown
Source	Inside - Malicious
Organization	Countrywide Home Loans
Other Affected/Involved Organizations	None
Lawsuit?	YES
Data Recovered?	NO/UNKNOWN
Arrest?	YES
Submitted By:	kirniki

TIMELINE

Date	Event
None. Add Data	Incident Occurred
New Timeline Item For Incident Occurred Date Reference URL Spam Check: Are you human?
2008-04-28	Incident Discovered By Organization
New Timeline Item For Incident Discovered By Organization Date Reference URL Spam Check: Are you human?
2008-08-01	Organization Reports Incident
New Timeline Item For Organization Reports Incident Date Reference URL Spam Check: Are you human?
2008-10-14	Organization Mails Notifications
New Timeline Item For Organization Mails Notifications Date Reference URL Spam Check: Are you human?
None. Add Data	Records Recovered
New Timeline Item For Records Recovered Date Reference URL Spam Check: Are you human?
2008-11-17	Lawsuit Filed
New Timeline Item For Lawsuit Filed Date Reference URL Spam Check: Are you human?
2008-07-07	Arrest Made
New Timeline Item For Arrest Made Date Reference URL Spam Check: Are you human?

SIMILAR INCIDENTS

records	date	organizations
1,486,651	2009-04-08	Mitsubishi UFJ Securities
4,600,000	2004-02-27	Softbank Corporation, Yahoo! BB
3,200,000	2008-11-27	C-W Group

MAP OF INCIDENT LOCATION

Address: 4500 Park Granada, Calabasas, CA 91302, USA
Have a better address for this incident? Suggest it!

suggest a new reference

REFERENCES

suggest a new attachment

ATTACHMENTS

KNOWN COURT CASES

CLOSED - SETTLED

State of Connecticut et. al v. Countrywide

Filed On

Justia Link

Pacer Link

Court

Federal?

Case Number

Pacer Case Number

Incident

2008-11-17

Pacer Docket

Justia

Southern District of California

true

3:08-cv-02110-DMS-LSP

1073

Case Files

Joint Motion to Dismiss

Awards / Settlements

Award	Monetary Value	Description
Fine	$350,000.00	Fine to the State Attorney General
Credit Monitoring	$25,000.00	A funded pool of money by Bank of America, with managed access through the CT attorney general
	$375,000.00

OSF Summary

Lawsuit brought by the state of Connecticut against Countrywide regarding their 2008 data breach. Countrywide was acquired by Bank of America during the case. This case was originally filed in CT, then it was moved to CA, then subsequently dismissed after a settlement had been reached. The settlement itself was filed in a state court in CT.

COSTS SUMMARY

Known Actual Costs

Monetary Awards from Court Cases	$375,000.00
TOTAL KNOWN COSTS	$375,000.00

Estimated Costs

Ponemon Institute Direct Costs Estimate ¹

$147,982,680.00

Note that these estimates are based on the Ponemon Institute's 2009 direct costs figures from their 2009 Annual Study: Cost of a Data Breach. We multiply $60.00 by the number of records to obtain this figure. Keep in mind that depending on the breach, the direct costs are not always suffered by the breached organizations. In the case of credit card number breaches, the direct costs can often be suffered by banks and card issuers. Also note that this is only an estimate.

PRIMARY SOURCES

Primary Source ID: 657

add details to this primary source Description
A former Countrywide employee may have sold personal information to a third party. Information included name, address, SSN, mortgage loan number and various other information.
Filename	Source	Researcher	Incident IDs
VT_1221745039_Countrywide_Security_Breach_Notice.pdf	Vermont Office of the Attorney General	kirniki	<a href='/incidents/show/1073'>1073</a>
Records	File Date	Uploaded	Updated
Not yet entered	2008-09-06	2008-12-05	12 Dec 06:30
Excerpt
K · e e cOI.II’\lZTyWIdE® PO Box # 940910 Mt McCoy Station Post Office Simi Valley, CA 93065 September 6, 2008 Ref No. Dear r · We are writing to inform you that we recently became aware that a Count...

Click here for the Full Details | Download Raw PDF

Primary Source ID: 915

add details to this primary source Description
Countywide ex-employee sold personal information
Filename	Source	Researcher	Incident IDs
CA_countrywide.pdf	California Office of Privacy Protection	kirniki	<a href='/incidents/show/1073'>1073</a>
Records	File Date	Uploaded	Updated
2200000	2008-09-06	2009-01-09	10 Jan 19:07
Excerpt
.T r21r~I—E1'?—2E1E·E1 1l3= 26 __ _ Qjft. [IFF I CE PR I UQCY PROTECT 916 574 SE1 1 P. 2zl,¤35 ml - so Countnwndet PD Box # 9-4GQlO September 6, 2008 M£J`v1cCoy Station Post Office Simi Vslleyl CA 93...

Click here for the Full Details | Download Raw PDF

Primary Source ID: 1277

add details to this primary source Description
Personal information of customers shared with third party by unauthorised person
Filename	Source	Researcher	Incident IDs
VA_09062008_countrywide.pdf	Virginia Attorney General	jkouns	<a href='/incidents/show/1073'>1073</a>
Records	File Date	Uploaded	Updated
Not yet entered	2008-09-06	2009-02-03	13 Feb 11:26
Excerpt
r a €0UI`\tIWNId€‘ PO Box 24 940910 lvlt McCoy Station Post Office Simi Valley, CA 93065 September 6, 2008 Ref No.; tttl·67l 6l20S—tJl lllllllllu llc arc writing to inform you that we recently became...

Click here for the Full Details | Download Raw PDF

Primary Source ID: 1128

add details to this primary source Description
Company discovered that more customer's personal information was compromised and will be sending out additional letters to those individuals.
Filename	Source	Researcher	Incident IDs
ME_10212008_countrywide_home_loans3.pdf	Maine Attorney General	kirniki	<a href='/incidents/show/1073'>1073</a>
Records	File Date	Uploaded	Updated
Not yet entered	2008-10-20	2009-01-19	03 Apr 21:52
Excerpt
// nsw -d , S / COIIIIIINWI Q r . ‘— V _ B52 1 FALLBROOK Avis l ` g Q MS WH»1 1 · ® WEST Hrnns, CA 9 1304 (B1B)316-SOOO l _ - ‘ (BIB) 316»8752 FAX V _ October 20, 2008 · l . . _ State of Maine n...

Click here for the Full Details | Download Raw PDF

Primary Source ID: 1935

add details to this primary source Description
A former Countrywide employee may have sold personal information to a third party. Information included name, address, SSN, mortgage loan number and various other information.
Filename	Source	Researcher	Incident IDs
20081120_countrywide_home_loans.pdf	North Carolina Department of Justice, Consumer Protection Division	d2d	<a href='/incidents/show/1073'>1073</a>
Records	File Date	Uploaded	Updated
31710	2008-11-20	2009-06-13	21 Jul 14:35
Excerpt
_ North Carolina Security Breach Reporting Form ‘ · Pursuant to the Identity Theft Protection Act of 2005 Name ol`Busincss Owning or l .... icensing information Affected bythe PLEASE SUBMl'i` Ti);...

Click here for the Full Details | Download Raw PDF

Primary Source ID: 1961

add details to this primary source Description
Copy of Letter to Customer : Countrywide - Employee sold personal information.
Filename	Source	Researcher	Incident IDs
FL_countrywide.pdf	Florida Attorney General	infolock	<a href='/incidents/show/1073'>1073</a>
Records	File Date	Uploaded	Updated
Not yet entered	2008-09-06	2009-06-23	09 Aug 20:49
Excerpt
F}; ·· . C0untmmde" PO Boz. # 940910 r rr r r r Mt McCoy Station Post Office Simi Valley, CA 93065 ` September 6, 2008 Dear Ws gzfornr {hat xr; réczcntk béczrmc uvyjarc that 21 Countrvwigiq cmpl...

Click here for the Full Details | Download Raw PDF

Primary Source ID: 2253

add details to this primary source Description
Massachusetts Data Breach Notification : Countrywide - Employee sold personal information for identity fraud purposes.
Filename	Source	Researcher	Incident IDs
20080801_countrywide_MA.pdf	Massachusetts Attorney General	d2d	<a href='/incidents/show/1073'>1073</a>
Records	File Date	Uploaded	Updated
3	2008-08-01	2009-08-21	02 Nov 22:43
Excerpt
l 1 " l H ‘ _ » iililireg ;%> it W cz, ini; { _ ·.g:;i K2) ii.: i} U E . Countiywidei i , 1000 Coit Road ; 1. .- Plano, TX 75075 § State Breach Notification tpfni Gi: W nw 9 __,_m;L.< i CPA...

Click here for the Full Details | Download Raw PDF

Primary Source ID: 1567

add details to this primary source Description
New York Data Breach Notification : Countrywide - Former employee obtained personal information.
Filename	Source	Researcher	Incident IDs
Countrywide-Home-Loans-FS.pdf	New York State Consumer Protection Board	cwalsh	<a href='/incidents/show/1073'>1073</a>
Records	File Date	Uploaded	Updated
3731	2008-09-10	2009-05-07	02 Nov 22:44
Excerpt
02:2. M` 2%% bziéévm COL$N%&2&’wiG&& M}. M3? P 1_;;; i;;; 4 44 ;;; .-:i$i$i$i$iEiEi:—:·. Eizizizizi :i:?:¥:?:i zizizizizi.—:?$i$i$i:i:-. ¥:?:i:i:?.·:—:¥:i:¥:i:i:i. .¤:¥:?:i:?:i:i:i. Jzizizizizf...