It appears that Fifth Third Bank has been stung by an employee fraud ring that stole customer information.
Fifth Third reported that customer information was stolen by a group of employees who sold the information to people outside of the company. Thos people than used the stolen customer information to set up fraudulent credit accounts at other companies.
The stolen information included name, Social Security number, driver’s license information, mother’s maiden name, address, phone number, date of birth and account numbers.
The theft of the data goes all the way back to 2018 so either the bank did not detect it until recently, or are just getting around to reporting it now.
A Small Group of 100 Customers Have Experienced Fraud
They reported that 100 customers have currently been impacted, but that might not be the extent of the fraud. Investigations are still ongoing.
Yesterday, they provided this update to the press which they hoped would clarify that it was not the result of a cyberhack, but of internal fraud by employees.
“Last week we reached out to customers whose personal information was manually accessed by a small number of former employees and may have been shared with people outside of the bank as part of a fraud ring. To be clear, this was not a cybersecurity data breach event, but rather an orchestrated effort by a small group of employees to steal personal information. At this time, we have confirmed approximately 100 customers who have experienced known fraud. Out of an abundance of caution, all customers whose data potentially may have been accessed by these individuals are being contacted. “
Fifth Third Bank
They are Taking Immediate Steps To Investigate and Improve.
Fifth Third indicated that they are taking immediate steps to strengthen these protective measures.
They also advised that any customer who experiences a direct financial loss will be reimbursed, and they are offering free Identity Alert for one year to any individual whose information was potentially accessed.
During the course of the investigation, they terminated the employees who were known to be involved in the fraud.
It is unclear what actions or cooperation they are getting from Law Enforcement.
Internal Fraud is A Serious Issue At Most Banks
While this sort of report from Fifth Third is rare for banks, internal fraud is not. Most banks just fail to look for it, and as a result, never find it or report it.
I spent 2 years as an Internal Fraud Investigator with a major bank. My job was to develop policies and procedures for dealing with internal fraud and for monitoring home grown detection programs to find employees that were stealing data or misusing the host system to commit credit card fraud.
What I learned during those two years was that internal fraud is not well understood or accepted by banks. The bank I worked with quickly disbanded the automated detection program I built because they simply didn’t think it was a high priority. I was surprised to hear that news after I left because I was detecting 5-7 cases of internal fraud each month.
Check out this article I wrote if you would like to read about 10 Best Practices to Prevent Internal Fraud at Banks.