Countrywide Employee Arrested For Stealing Customer Private Data
Californian FBI agents have recently arrested a Countrywide Financial Corp. employee suspected to have stolen personal information about the home mortgage lender’s customers. This new negative event puts a whole new pressure on the company who has been severely affected by the current lending crisis and has also been investigated for fraud.
According to a Computerworld article, Rene Rebollo who was a senior financial analyst for Countrywide Home Loan’s subprime mortgage division, accessed customer data through his work computer and saved it onto flash drives that he then took out of the company. According to the FBI, Rebollo admitted three months ago to have given the private information to third parties. Another man accused of having bought the stolen data was also arrested along with Rebollo.
How much money did Rebollo make from selling the data? Not nearly enough to compensate the minimum 5 years he could spend in jail: 50,000 to 70,000 dollars! Countrywide is now analyzing if he has really exposed the identity of customers and if this is the case, all those affected will be notified.
It would be interesting to see a subsequent analysis of how much Countrywide lost in this affair. But it is hard to determine the costs of a bruised image and shattered trust in the company.
August 6th, 2008 at 11:12 am
Just goes to show that companies should really invest some time and money to shut gaps and threats from the inside.
Most companies do buy nice firewalls and IDP:s and monitor external traffic like they should but they forget the biggest threat coming from the inside.
Also laptop computers, flash drives, mp3 players and so on should be controlled in a “sys admin from hell” matter or not used at all.
August 6th, 2008 at 8:09 pm
Mats, you are quite right! When you can have a list of approved removable devices and you can monitor every little thing happening to a file with a good endpoint security solution, it’s unacceptable to have so many people affected by an inaccurate security policy.
September 10th, 2008 at 2:32 am
OMG. I was in the dark to this until I got my notice from Countrywide today. My personal information along with at least 25,000 other Countrywide customers was also sold by this Rene Rebollo (this 25,000 is the current count given by Countrywide, but still investigating so probably many more). I was wondering why I was getting so many sales or prank (no response) calls over the last year and to tell you the truth something like this crossed my mind. Has anyone else whose information was exploited been receiving calls which show up on caller ID as “Illinois call”, “New York call” or “HSBC call”? Or… has anyone noticed an increase in these types of calls from other companies? They claim to be calling for Credit Card companies and keep calling me Robin, trying to get out of me any of my own personal information, stating that I should prove that I am not Robin. I know this is against credit collection practices and all three keep calling back so I really do think there is another purpose behind the calls. Wondering if I should bother the FBI and report these calls.
Jeeeeez… comes at a time when I was already so discouraged in mankind and their greed after dealing with the crooked Dr. Dipak Desai and his partners for jeaopardising my health along with more than 60,000 patients for their greed. Reusing syringes, spreading Hepatitis and possibly aides, all for the sake of saving a buck on the syringe and who knows how much they bilked out of the insurance companies and Medicaid/Medicare billing for a number of vials of anesthesia for each patient when they actually used one contaminated vial on several patients. Another FBI investigation.
I am going to look into the possiblities of changing my SSN… I am sure if it is possible, it is going to be tough to accomplish.
September 10th, 2008 at 12:22 pm
Hi Teresa! Thank you for sharing your experience with us! Seems like you’ve indeed been on a spree in what bad luck is concerned and I am sorry to hear that!
I have no idea of what other customers have experienced due to this breach, but if there are any persons to contact in the Countrywide notice, maybe you should talk to them, find out what other customers have reported and what you can do to stop these people from harassing you.
All the best to you!
September 10th, 2008 at 4:41 pm
I am a recent victim of the Countrywide theft. I feel so violated. I was asked to file a police report as well as contacting the FTC. Hopefully, my information was not sold to be distributed out of the country, you can’t get any money back if that takes place.
September 10th, 2008 at 8:40 pm
DTG, thank you for joining the conversation! I can imagine how bad it feels to be in such a position. Hope the police and FTC have been able to help you get through this easier. Again, thanks for sharing!
September 11th, 2008 at 9:51 pm
I just received the same notice yesterday. So, should we be taking any sort of legal action?
September 12th, 2008 at 1:27 am
I just received the notice from Countrywide regarding the security breach. I am disgusted to say the least. I registered for the credit protection plan as suggested by Countrywide, however, it’s not a guarantee that I won’t suffer the aftemath for years to come.
September 13th, 2008 at 1:18 am
should we all go back to countrywide and hold them accountable? If I missed a payment or two I was charged and treated terrible , I was also put into a subprime on my home after just comming out of a coma, by countrywide agent. What to do?
September 13th, 2008 at 1:21 am
If there is a class action law suit started already I would like to know. PLEASE
September 15th, 2008 at 5:41 am
Hi everyone, thank you for your comments! I haven’t seen any news about a group action being taken against Countrywide, but that does not mean it’s not going to happen.
Reggie is right, the effects could happen at any point in the future, I advise keeping an eye on the investigation and its results.
If any of you really want to, you can always ask a lawyer’s advice on if and how you can hold Contrywide responsible for the breach. I would say monitoring their files transfers to unauthorized portable devices wouldn’t have been an impossible task and would have helped stop this a lot sooner.
September 16th, 2008 at 1:02 am
Just to share … I called the number provided in the letter to learn EXACTLY WHAT PERSONAL INFORMATION was compromised.
As you would expect, I got a first-tier response answer: “The only thing lost was your social security number”. When I informed him that the letter said otherwise, he stated that the situation was under investigation and nothing more could be learned. When I stated that SOMEONE in CW knows exactly what information was exposed, he passed me along to a supervisor in Plano, TX. She stated the company line that nothing more could be shared because of the on-going investigation.
It is unconscionable for us to not know what data was lost due to their incompetence. This information was entrusted to CW and now we have no idea as to the extent of what has been comprimised. Which account numbers, what personal information, etc. If you are like me, that is unacceptable. I don’t have the personal funds to hire an attorney to pursue the issue but certainly want the information.
September 16th, 2008 at 6:00 am
Hi Gary, welcome and thank you for sharing your experience. Did they say anything about when the investigation will be over or if they would contact those affected again with new details?
September 16th, 2008 at 6:50 pm
Great question! I wish I would have thought to ask! No, nothing was volunteered.
September 16th, 2008 at 6:55 pm
Well, if they didn’t volunteer it, ask for it the next time you call them
If they don’t keep you informed, just keep bugging them. I know I would 
September 18th, 2008 at 11:08 pm
Is there a class action law suit against countrywide for this problem, I was one of the ones that had all info stolen.
September 19th, 2008 at 1:22 am
For months I have been receiving phone calls from strange 1-800 numbers. Today I received a call from Virgin Mobile telling me I needed to renew my account….I DON’T have an account. I asked the representative if they could tell me how she received my information. Surprise she couldn’t disclose this information. I am more than ****** I just got married and had to change everything…Now do I have to go back and change my accounts again, my social security number, my bank accounts???? I want Countrywide to be responsible and I am prepared to initate some sort of legal action. This is terrible! You call Countrywide’s supposed hotline and they can’t tell you anything. You activate the 2 year free credit reporting and they only provide you one of the three bureau’s and want to charge you for the other 3. ARE YOU KIDDING ME!!!! I am the VICTIM on Countrywide’s lack of security. As a VICTIM I want action and I want action NOW before my life becomes an identity nightmare. If anyone else feels the same way let me know!
September 19th, 2008 at 3:47 am
Hey there, I just got a letter?? Will these people be able to break into my accounts (bank, etc) that I opened after I got my mortgage??? I am freaked out! What can I do now to protect myself??
September 19th, 2008 at 5:07 pm
I work for a car dealership we can not have in our posession any information on a customer that could lead to identity theft…it’s called the Graham Leach Law/ Privacy Act. If we can protect our customers why can’t countrywide protect me??? The more I think about this situation the angrier I become.
September 20th, 2008 at 1:50 am
I called them again today because I have been receiving odd phone calls over the past several weeks. We never put it together until the letter arrived. I answered a few and so did my husband, but after the letter came we connected it. The calls begin as recorded messages from “your credit card company” alerting us that it is our last chance to take advantage of their offer to protect our credit cards. Followed the prompts to get a “rep” and as soon as I started asking questions about how they got me on their list (since we hadn’t inquired) and I was hung up on two times. The other calls my husband hung up right away. I did get the number from my caller ID and provided it to CW. Had to go through the customer service reps and insist on managers for anyone to listen to me. When the number was dialed it is an overseas number….and two of the calls came through on the cell phone, not just the house line. I think that CW has opened us up to the potential for disaster as their customers and one fraud incident is too many! The offer of two years monitoring is to help cover their A**; but personally I think that the time frame is ridiculous. For the risk they have created could still be just as dangerous four years or ten years from now. Your social is your social and it ticks me off that we will have to be more diligent over the coming years. Shame on CW.
September 20th, 2008 at 7:34 am
Thank you everyone for your comments. I can only imagine how hurt, angry and worried you all are. As for the effects of this mess, you are right, it won’t take only 2 years, but if the FBI is pressured they might find out what was stolen and to whom it was then sold.
It seems like countrywide is not doing much to keep its customers informed, to reassure them and to be open about what they are planning to do in the future. You can keep trying and keep calling them, you can take legal action or simply ignore them and do everything you can to protect yourself.
Yet I can’t shake the feeling Countrywide could be a little more considerate about its customers after screwing up this bad!
September 20th, 2008 at 7:45 am
[...] We’ve been talking a lot about security breaches, data loss or theft and identity theft here on Endpoint-Security.Info. What I think we lacked to stress enough is how those whose records are lost, exposed or stolen feel after it’s all happened. Luckily, quite a few victims of the CountriWide data theft have shared their experiences and fear with us on the first post we’ve published on the matter. [...]
October 30th, 2008 at 11:11 pm
I also received the form letter from CW and contacted them via phone. Unfortunately, I didn’t learn anything new after repeated requests. Their response is completely unacceptable.
Any movement on a class action suit? They have to be held accountable.
November 5th, 2008 at 4:58 pm
Astonished, from what I could find, there is a class suit going, but on a different matter. Maybe a second one will follow, as it seems they’ve been badly mistreating their customers.
December 1st, 2008 at 6:50 am
I think a class action suit is definitely in order. I almost destroyed the notification letter also thinking it was junk mail since CountryWide is always trying to get you to refinance. This will follow us all beyond the two years of free credit information. Would we all be notified if a class action suit is filed. Are there time frames beyond which a suit cannont be filed?
December 1st, 2008 at 8:54 am
Hi Katie, unfortunately, a lawyer needs to answer these questions as we are not experts on law suits.
February 18th, 2009 at 1:23 am
I too was a victmn of the Countrywide theft. They did try to charge $16,000 on my Wachovia card. I was fortunate that Wachovia caught it. But I was embarrassed when I went to use my card and discovered that I was denied use of the credit card.
There are so many things that can happen with this.
1. They can gain employment and not pay taxes on the earnings. This would be a nightmare with the IRS.
2. They could get identification and get drivers licenses etc. In turn, getting violations on your driving record
***This is very easy to do since all of the creditors use your mothers maiden name as the password. It is very easy to look up on the internet and get all of the information.
3. They could get identification and committ a crime.
4. They could open accounts which would be a nightmare to prove that they were not mine
I too am extremely pissed off. They were deceitful with the letter and made it seem as if it were a refinance flyer. I went to see a lawyer in Washington, D.C. He seemed as if he was new and did not have that much experience. I am very interested in getting a class action lawsuit together. How do we move forward. They should be responsible for their employee!!!!!
June 6th, 2009 at 6:19 pm
I just go a call today from an agency that said someone had submitted my social and name from either PayMyBills.com or LendingTree.com, so I guess my mess is just beginning! I can’t believe that no information has been provided by the Authorities (FBI) regarding where that employee sold the information. Looks like I’ll be paying for a credit service forever at this point! I’m not happy, to say the least. I guess I will contact those two services and find out how they got my information, for starters.
May 3rd, 2010 at 9:09 am
There is a settlement regarding the data theft of Aug 2008 in the western district court of Kentucky. If approved on Jul 19, 2010. You will be bound by the terms of this settlement.
Learn more about it: http://www.cwdataclaims.com