Merchant911 - Fraud Prevention for Merchants

12 Jul

Internal Data Breach at Wells Fargo - Not Just One?

911Logo.gifSPACER.gifAccording to a document released by the New Hampshire Department of Justice Wells Fargo suffered potential compromise of 24 Social Security numbers and mortgage loan account numbers. That’s not a large number in the big scheme of things - unless you are one of those 24.

Merchant911 was recently involved in an investigation that indicates there was an internal breach somewhere in the Wells Fargo organization. If what we found out is true, up to 125,000 credit cards were compromised. I haven’t seen this one reported anywhere.

What we know

A Merchant911 member, known to be a very reliable source, reported chargebacks on 197 transactions amounting to USD $5,000. All transactions were fully approved with AVS, CVV2 and the rest. When the chargebacks started coming in, our member did some investigating. All 197 transactions were made with Wells Fargo cards and all came from one of two IP number blocks belonging to Wells Fargo. One of those numbers traced back to a Wells Fargo firewall.

The member reported the information to Wells Fargo and ended up speaking with the VP of Financial Crimes. He also got at least one follow-up phone call asking for more information and confirming that the IP addresses were internal and at least one was a firewall. Wells Fargo, of course, denied that this was an inside job. How could it not be if the transactions were coming from behind their firewall?

While all this was going on, Merchant911 was also following a blog thread on Consumerist where an individual was alleging that he had knowledge of in internal breach of as many as 125,000 Wells Fargo credit card accounts. His was one of those cards and he was given the information by a Wells Fargo official. We were not able to confirm this nor were we able to put this alleged breach together with the other.

Persistence Pays Off

In the last week of June, our Merchant911 member got hit with yet another fraudulent purchase but the vigilant cardholder saw the transaction online and immediately reported it to the merchant. Based on that report, our merchant contacted law enforcement and surveillance was set up at the delivery point. One person was arrested and, not surprisingly, it was a Wells Fargo employee.

It remains to be seen whether these three events are related. We may never know.

Enjoyed this post? Found it informative? Click here to susbcribe to my RSS feeds!

This entry was posted on Saturday, July 12th, 2008 at 10:23 am and is filed under Credit card, Data Breach, Wells Fargo, credit card fraud, fraud, fraud trends. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

« More ATM Hacks - A Disturbing Trend
A Personal Note »

2 Responses to “Internal Data Breach at Wells Fargo - Not Just One?”

  1. 1
    David Says:

    You should submit this story to news outlets. Excellent job!

    July 14th, 2008 at 2:51 pm
  2. 2
    Accounts Wells Fargo Online Says:

    Accounts Wells Fargo Online…

    Please keep these excellent posts coming….

    July 26th, 2008 at 8:05 am

Leave a Reply

© 2008 Merchant911 - Fraud Prevention for Merchants | Entries (RSS) and Comments (RSS)

GPS Reviews and news from GPS Gazettewordpress logo