This story continues to unfold with initial estimates of 500 thousand records accessed being bumped up to 670,000. Nine arrests have been made by New Jersey authorities following months of investigation. Via ComputerWorld:

The case has already led to criminal charges against nine people, including seven former employees of the four banks. The crime ring apparently accessed the data illegally through the former bank workers. None of those employees were IT workers, police say. ...the suspects manually built a database of the 676,000 accounts using names and Social Security numbers obtained by the bank employees while they were at work. The information was then allegedly sold to more than 40 collection agencies and law firms, police say.

The suspects pulled up the account data while working inside their banks, then printed out screen captures of the information or wrote it out by hand, Lomia says. The data was then provided to a company called DRL Associates, which had been set up as a front for the operation. DRL advertised itself as a deadbeat-locator service and as a collection agency, but was not properly licensed for those activities by the state, police say.

Read more here and here.

Multiple federal agencies are now participating on the investigation, including the Treasury Department and the Internal Revenue Service. And in a move that should reverberate through the legal industry for some time, authorities have state that the next phase of their investigation will include targeting law firms and collection agencies who purchased data from the crime ring.

-- MDT

Labels: database