{"id":1013,"date":"2008-10-01T18:13:28","date_gmt":"2008-10-02T02:13:28","guid":{"rendered":"\/?p=1013"},"modified":"2008-10-03T19:53:06","modified_gmt":"2008-10-04T03:53:06","slug":"are-countrywides-systems-designed-around-need-to-know","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1013","title":{"rendered":"Are Countrywide's systems designed around need to know?"},"content":{"rendered":"

\"I'm<\/p>\n

It was inevitable, given how sloppy many companies are when handling\u00a0the identity of their customers,\u00a0that someone\u00a0would eventually steal all my personal information.\u00a0 But no matter how much science you have in your back pocket, it hurts when you get slapped in the face.<\/p>\n

The theory is clear:\u00a0 systems must be built to withstand being breached.\u00a0 But they often aren't.<\/p>\n

One thing for sure:\u00a0the\u00a0system used\u00a0at Countrywide Mortgage was so leaky that when I phoned my bank to ask how I should handle the theft,\u00a0my advisor said, “I don't know.\u00a0 I'm trying to figure that out, since my information was stolen too.”\u00a0 We commiserated.\u00a0 It's not a good feeling.<\/p>\n

And then we talked about the letter.<\/p>\n

What a letter.\u00a0\u00a0It is actually demented.\u00a0 It's\u00a0as though\u00a0Countrywide's information systems\u00a0didn't exist, and weren't a factor in any insider misbehavior.\u00a0<\/p>\n

I agree there was a bad employee.\u00a0 But is he the only guilty party?\u00a0 Was the system set up so\u00a0employees could only get at my personal information\u00a0when there was a need to know<\/strong>?\u00a0<\/p>\n

Was the need to know documented?\u00a0 Was there a separation of duties?\u00a0 Was there minimization of data?\u00a0 Can I see the audit trails?\u00a0 What was going on here?\u00a0 I want to know.<\/p>\n

My\u00a0checks\u00a0rolled in\u00a0to Countrywide with\u00a0scientific precision.\u00a0 No one needed to contact me through emergency channels.\u00a0\u00a0Why would anyone get access to\u00a0my personal information?\u00a0 Just on a whim?\u00a0\u00a0<\/p>\n

How many of us were affected?\u00a0 We haven't been told.\u00a0 I want to know.\u00a0 Iit bears on need to know<\/strong> and storage technologies.<\/p>\n

But I'm ahead of myself.\u00a0 I'll share the letter, sent by Sheila Zuckerman on behalf of “the President” (“President” who??).<\/p>\n

We are writing to inform you that we recently became aware-that a Countrywide employee (now former) may have sold unauthorized personal information about you to a third party. Based on a joint investigation conducted by Countrywide and law enforcement authorities, it was determined that the customer information involved in this incident included your name, address, Social Security number, mortgage loan number, and various other loan and application information.<\/p>\n

We deeply regret this incident and apologize for any inconvenience or concern it may cause you. We take our responsibility to safeguard your information very seriously and will not tolerate any actions that compromise the privacy or security of our customers’ information. We have terminated the individual's access to customer information and he is no longer employed by Countrywide. Countrywide will continue to work with law enforcement authorities to pursue further actions as appropriate.<\/p>\n

I don't want to hear this kind of pap.\u00a0 I want an audit\u00a0of your systems and how they protected or did not protect me from insider attack.<\/p>\n

If you are a current Countrywide mortgage holder, we will take necessary precautions to monitor your mortgage account and will notify you if we detect any suspicious or unauthorized activity related to this incident. We will also work with you to resolve unauthorized transactions on your Countrywide mortgage account related to this incident if reported to us\u00a0in a timely manner.<\/p>\n

I find this paragraph\u00a0especially arrogant.\u00a0 I'm the one who needs to do things in a timely manner although they didn't take the precautions necessary to protect me.\u00a0<\/p>\n

As an additional measure of protection, Countrywide has arranged for complimentary credit monitoring services provided by a Countrywide vendor at no cost to you over the next two years. We have engaged ConsumerInfo.com, Inc., an Experian\u00ae Company, to provide to you at your option, a two-year membership in Triple Advantage Credit Monitoring.\u00a0 You will not be billed for this service. Triple Advantage includes daily monitoring of your credit reports from the three national credit reporting companies (Experian, Equifax and TransUnion\u00ae) and email monitoring alerts of key changes to your credit reports.<\/p>\n

Why are they doing this?\u00a0 Out of the goodness of their hearts?\u00a0 Or because they've allowed my information to be spewed all over the world through incompetent systems?<\/p>\n

To learn more about and enroll in Triple Advantage, log on to www.consumerinfo.com\/countrywide<\/a> and complete the secure online form. You will need to enter the activation code provided below on page two of the online form to complete enrollment. If you do not have Internet access, please, call the number below for assistance with enrollment.\u00a0\u00a0 You will have-90 days from the-date of-this letter-to-use the code to activate the credit monitoring product.<\/p>\n

Borrower Activation Code: XXXXXXXXX<\/p>\n

And now the best part.\u00a0 I'm going to need to hire a personal assistant to do everything required by Countrywide and still remain employed:<\/p>\n

In light of the sensitive nature of the information, we urge you to read the enclosed brochure outlining precautionary measures you may want to take. The brochure will guide you through steps to:<\/p>\n