Can You Expect Data Breaches From Bankrupt Mortgage Lenders?

The stock market is in a tumult. Actually, it’s been about a year since the subprime fiasco (did anyone take a look at Moody’s performance over the past year?). Now that that particular issue has been beaten to death, other mortgage-related issues are emerging. Most of the things the media covers are financial in nature, but some of those mortgage-related issues have to do with information security.

It’s no secret that there are many companies in the US that discard confidential documents by unceremoniously throwing them away: dump them by the curb, take them to a dumpster, dump them on the walls of an abandoned property, and other mind-boggling unsafe practices. In fact, MSNBC has an article on this topic and names numerous bankrupt mortgage companies whose borrower records were found in dumpsters and recycling centers. The information in those documents includes credit card numbers and SSNs, as well as addresses, names, and other information necessary to secure a mortgage.

Since companies have filed for bankruptcy and are no longer bankrupt, the potential victims involved have no legal recourse and must fend for themselves. In a way, it makes sense that companies that have filed for bankruptcy are behaving this way. (Not that I’m saying this is the proper procedure.) To begin with, if a company makes a mistake, the company is persecuted; however, the company went bankrupt, it no longer exists, so there is no one to “hunt down”. In light of the state of the business, this means that the actual person left behind to get rid of things, be it desks or credit applications, can choose to do whatever they want. It could destroy the applications. I could throw them close. He could walk away and let the owner of the building take care of them. What does it matter to him? It’s not like I’m going to fire him.

Also, proper disposal requires time, money, or both. A bankrupt company has no money. You may have time, assuming people stay, but creditors have likely seized your shredder. People are not going to stick around to shred things by hand, literally.

Are there no laws regulating this? These topics are apparently covered by FACTA, the Fair and Accurate Credit Transactions Act, and while its guidelines require that “companies dispose of confidential financial documents in a way that protects them against ‘unauthorized access or use of information'”. [msnbc.com], it does not require the physical destruction of data. I am not a lawyer, but perhaps there is enough room for maneuver in the language for you to go dumping confidential documents in the trash cans.

As I mentioned before, inappropriate deletion of confidential documents has been going on forever; I’m pretty sure this has been a problem since the first mortgage was issued. My personal belief is that most companies would act responsibly and try to properly dispose of such information. However, this can also be a cause for concern due to widespread misconceptions about what it means to protect data from unauthorized access.

What happens if a company that goes bankrupt decides to sell its company’s computers to pay off creditors? Most people would delete the information that is on the computer, and that’s the end of the story. Except it isn’t. When files are deleted, the actual data still resides on the hard drives; it’s just that the computer’s operating system no longer has a way of finding the information. In fact, this is how retail data restoration apps like Norton can recover accidentally deleted files.

Some may be aware of this and decide to format the entire equipment before shipping it to the new owners. The problem with this approach is the same as deleting files – data recovery is a breeze with the right software. Some of them retail for $ 30 or less, like free. Therefore, the sensitive data that is supposed to be deleted can be recovered, if not easily, at least cheaply, perhaps by people with criminal interests.

Am I being paranoid? I do not believe it. I’ve been tracking fraud for years, and I can’t help but conclude that the criminal underworld has a lot of people looking to be niche operators, not to mention that there are infinitesimal ways to defraud people (look for “salad oil” and “American Express” , for example). An ID theft ring seeking to collect confidential information from bankrupt mortgage dealers wouldn’t surprise me, especially in an environment where these companies are slipping from left to right.

The economics behind this also makes sense. A used computer will retail for between $ 100 and $ 500. The information it contains, if not properly erased, will average many times as much even when purchasing data recovery software is taken into account. Criminals have different ways of capitalizing on personal data, ranging from selling the information directly to participating in something with better profits.

Is there a better way to protect yourself? Encrypting the entire disk is one way to ensure that these problems do not occur: one can simply reformat the encrypted drive to install a new operating system; the original data remains encrypted, so there is no way to extract it. Plus, the added benefit is that data is protected in the event that a computer is lost or stolen. However, common sense dictates that encryption is something that current concerns are inscribed in, not companies on the brink of bankruptcy. I suppose that sooner or later we will find cases of data breaches originating from equipment dating back to bankrupt mortgage dealers.

The stock market is in a tumult. Actually, it’s been about a year, since the subprime mortgage fiasco (did anyone take a look at Moody’s performance over the past year?). what One issue in particular has been beaten to death, other mortgage-related issues are emerging. Most of the things that the media cover is financial in nature, but some of those mortgage-related topics have to do with information security.

It’s no secret that there are many companies in the US that discard confidential documents by unceremoniously throwing them away: dump them by the curb, take them to a dumpster, dump them on the walls of an abandoned property, and other mind-boggling unsafe practices. In fact, MSNBC has an article on this topic and names numerous bankrupt mortgage companies whose borrower records were found in dumpsters and recycling centers. The information in those documents includes credit card numbers and SSNs, as well as addresses, names, and other information necessary to secure a mortgage.

Since companies have filed for bankruptcy and are no longer bankrupt, the potential victims involved have no legal recourse and must fend for themselves. In a way, it makes sense that companies that have filed for bankruptcy are behaving this way. (Not that I’m saying this is the proper procedure.) To begin with, if a company makes a mistake, the company is persecuted; however, the company went bankrupt, it no longer exists, so there is no one to “hunt down”. In light of the state of the business, this means that the actual person left behind to get rid of things, be it desks or credit applications, can choose to do whatever they want. It could destroy the applications. I could throw them close. He could walk away and let the owner of the building take care of them. What does it matter to him? It’s not like I’m going to fire him.

Also, proper disposal requires time, money, or both. A bankrupt company has no money. You may have time, assuming people stay, but creditors have likely seized your shredder. People are not going to stick around to shred things by hand, literally.

Are there no laws regulating this? These topics are apparently covered by FACTA, the Fair and Accurate Credit Transactions Act, and while its guidelines require that “companies dispose of confidential financial documents in a way that protects them against ‘unauthorized access or use of information'”. [msnbc.com], it does not require the physical destruction of data. I am not a lawyer, but perhaps there is enough room for maneuver in the language for you to go dumping confidential documents in the trash cans.

As I mentioned before, inappropriate deletion of confidential documents has been going on forever; I’m pretty sure this has been a problem since the first mortgage was issued. My personal belief is that most companies would act responsibly and try to properly dispose of such information. However, this can also be a cause for concern due to widespread misconceptions about what it means to protect data from unauthorized access.

What happens if a company that goes bankrupt decides to sell its company’s computers to pay off creditors? Most people would delete the information that is on the computer, and that’s the end of the story. Except it isn’t. When files are deleted, the actual data still resides on the hard drives; it’s just that the computer’s operating system no longer has a way of finding the information. In fact, this is how retail data restoration apps like Norton can recover accidentally deleted files.

Some may be aware of this and decide to format the entire equipment before shipping it to the new owners. The problem with this approach is the same as deleting files – data recovery is a breeze with the right software. Some of them retail for $ 30 or less, like free. Therefore, the sensitive data that is supposed to be deleted can be recovered, if not easily, at least cheaply, perhaps by people with criminal interests.

Am I being paranoid? I do not believe it. I’ve been tracking fraud for years, and I can’t help but conclude that the criminal underworld has a lot of people looking to be niche operators, not to mention that there are infinitesimal ways to defraud people (look for “salad oil” and “American Express” , for example). An ID theft ring seeking to collect confidential information from bankrupt mortgage dealers wouldn’t surprise me, especially in an environment where these companies are slipping from left to right.

The economics behind this also makes sense. A used computer will retail for between $ 100 and $ 500. The information it contains, if not properly erased, will average many times as much even when purchasing data recovery software is taken into account. Criminals have different ways of capitalizing on personal data, ranging from selling the information directly to participating in something with better profits.

Is there a better way to protect yourself? Encrypting the entire disk is one way to ensure that these problems do not occur: one can simply reformat the encrypted drive to install a new operating system; the original data remains encrypted, so there is no way to extract it. Plus, the added benefit is that data is protected in the event that a computer is lost or stolen. However, common sense dictates that encryption is something that current concerns are inscribed in, not companies on the brink of bankruptcy. I suppose that sooner or later we will find cases of data breaches originating from equipment dating back to bankrupt mortgage dealers.