Banks Alert Customers Of Data Theft

By Jonathan Krim
Washington Post Staff Writer
Thursday, May 26, 2005

Several major banks have begun notifying customers that their personal data may have been exposed as part of a scheme to sell the information to debt collection agencies and law firms specializing in such cases.

So far, New Jersey police have arrested 10 people, including eight employees or ex-employees of four major banks, in an operation authorities allege lasted four years and netted its ringleader at least $2 million.

The New Jersey-based employees of Bank of America, Wachovia, PNC Bank and Commerce Bank were paid for personal data on as many as 675,000 customers, said Capt. Frank Lomia, head of detectives for the Hackensack, N.J., police department.

The banks said there is no evidence that the information was used to steal money from accounts or to commit identity theft. In keeping with practice that has become standard in such cases, the banks are offering customers free credit-monitoring service for a year.

Lomia said yesterday that more bank employees are likely to be arrested as the investigation continues. As many as 10 banks may have been involved, according to a report in the Wall Street Journal.

Police made the first wave of arrests April 28. In addition to the bank employees, police arrested a man they said headed the scheme, Orazio Lembo, and an employee of the New Jersey Labor Department, Orlando Rivera.

According to charging documents, Lembo operated DRL Associates, a collection agency, out of his New Jersey home. He allegedly would pay bank employees for customer data that would then be resold to a stable of 48 law firms and collection agencies, along with workplace information gleaned from the labor department employee.

Police said they seized computer disks at Lembo's home containing names and Social Security numbers of roughly 675,000 people, which the banks have been matching against their records to determine which customers' data might have been compromised.

"He had a small army" of bank and state workers enlisted in the effort, Lomia said of Lembo, providing the collection outfits with high-quality, up-to-the-minute information on their targets.

Although the operation was primarily based in New Jersey, Lomia said Lembo was branching out into Manhattan shortly before the arrests.

Lomia said that the theft went undetected for so long in part because the data was not sold to identity thieves, or to those who sought to drain customer accounts, and thus did not trigger consumer complaints.

The scheme was uncovered after an unrelated burglary, which focused police attention on DRL.

© 2005 The Washington Post Company