Has Banking Industry Overlooked Its Biggest Breach Ever?

Way back in July, law enforcement agencies issued a press release stating that they had indicted a former employee at Compass Bank for stealing information from the company. It now appears that the theft might be the biggest breach in banking history.

According to the privacy site PogoWasRight.org, new details about the case against former Compass employee James Kevin Real indicate that approximately 1 million customers' personal information may have been exposed in the incident.

In July 2007, James Kevin Real, a computer programmer for Compass Bank, was indicted on six counts of financial institution fraud, four counts of access device fraud, two counts of aggravated identity theft, and one count of fraudulent possession of access-device-making equipment, the privacy site reports. He was accused of collaborating with Laray Byrd to produce and use counterfeit debit cards based on the customer information he had stolen.

At the time of his indictment, the Department of Justice issued a press release about the case, but no mainstream media sources seem to have covered the story back then, PogoWasRight reports. Sites that rely on media reports all missed the breach.

"In light of the details now available, the breach appears to be the largest bank breach involving insider theft of data in terms of number of customers whose data were stolen," the privacy site reports.

It isn't clear whether Compass Bank ever notified the more than 1 million customers that their data had been stolen, nor has any information been published on how the bank handled disclosure and notification.

— Tim Wilson, Site Editor, Dark Reading