Hackers have accessed confidential details of an estimated 5,000
customers of an American banking group.
San Francisco-based Wells
Fargo is notifying affected customers of the breach.
Details of the breach are contained in a
letter
that the bank sent to New Hampshire's attorney general. It appears
to be one of several letters sent to different states where
people's data has been compromised.
Written by the bank's senior company counsel, Peter McCorkell,
it said, "This letter is to advise you of an information compromise
incident which affects residents of New Hampshire.
"Wells Fargo Bank, N.A. has been advised by a reseller of
consumer data, including consumer credit bureau data, of suspicious
transactions made using Wells Fargo access codes. Our investigation
confirmed that a significant number of unauthorized transactions
had been made using Wells Fargo's codes. At this time, we do not
know how our codes were compromised. We have notified the United
States Secret Service, and it is investigating this matter."
Personal information including names, addresses, dates of birth,
social security numbers, driver's licence numbers and, in some
cases, credit account information was accessed by "unauthorized
person or persons".
The bank initially estimated that hackers accessed details of
7,000 customers, although its latest estimate has decreased that
number to 5,000.
The letter continued: "About 7,000 individuals are affected by
this incident. At this time, we have apparently mailable addresses
for only 2,410 of which nine are residents of New Hampshire. We are
attempting to find usable addresses for the remaining affected
individuals and will supplement the count for your state when we
do."
In a letter to affected customers, the bank said, "We are
writing to inform you that a third-party data provider has notified
us that a Wells Fargo access code was used to gain unauthorized
access to your personal information."
It continues: "We are working with the credit bureaus to ensure
that any unauthorized inquiries under Wells Fargo's name will not
affect your credit rating."
The bank is offering affected customers a free one-year
membership of a service to monitor their credit files at the
national credit reporting agencies for suspicious activities that
could indicate identity theft.
It suggests that customers, as a precautionary measure, should
contact all of their other banks, credit card companies, and
providers of financial services to ask what further steps they
advise.
A spokeswoman for the bank said, "Wells Fargo is taking this
incident very seriously and we are taking significant steps to help
consumers protect their financial accounts. This is an isolated
incident, and we are actively supporting law enforcement in the
investigation to identify those responsible."
Wells Fargo was hit by a
data security breach two years ago when a computer containing
confidential details about mortgage customers went missing.