Report: 21 million German bank accounts for sale
Black market criminals are offering to sell details on 21 million German bank accounts for €12 million (US$15.3 million), according to an investigative report published Saturday.
Reporters for WirtschaftsWoche (Economic Week) managed to obtain a CD containing 1.2 million accounts after a November face-to-face meeting with criminals in a Hamburg hotel, according to the magazine.
Posing as buyers working for a gambling business, the journalists were able to strike a price of €0.55 per record, or €12 million for all the data. They were given a CD containing the 1.2 million accounts when they asked for assurances that the information they would be buying was legitimate.
That CD contained the names, addresses, phone numbers, birthdays, account numbers and bank routing numbers of the theft victims, they reported. In some cases, the victim's account balance was also provided. The data was most likely collected from call center employees, the magazine reports.
Although banking passwords were apparently not included on the CD, criminals would be able to use this data to withdraw funds from a victim's account, said Thierry Zoller, an independent security consultant based in Luxembourg.
Scammers could use this type of information to initiate a large number of debits from German banks, making each withdrawal small in hopes that it would not be noticed by the victim, he said.
This is the second high-profile German data breach in the past two months. In October, Deutsche Telekom reported that thieves had stolen a storage device containing account information on about 17 million customers of its T-Mobile Germany subsidiary. That breach did not involve bank or credit card information, however.
When sold in small quantities, full bank account details can fetch as much as $1,000 per record, said Avivah Litan, an analyst with Gartner Research. "Without a doubt, bank accounts yield the highest value in the black market," she said.
She said that it's remarkable that this type of breach was reported in Germany.
"You'd think Germany would have some of the tightest controls around bank account data," Litan said. "Europe has very strong privacy laws and Germany is one of the biggest enforcers of those privacy laws. So I think the fact that this data was available on the German black market shows how far the criminals have gone."
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
data breach
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
