Bank of the West job applicants are scrambling for answers regarding a recent data breach that may have involved stolen personal information such as Social Security and driver’s-license numbers.
The company sent letters and e-mails Thursday to anyone who applied for a job with the San Francisco-based banking firm before Dec. 19, the date the breach was discovered.
Officials would not disclose the number of affected people or the full period when applicants’ data may have been compromised.
“It could’ve been user name and pass code; it could’ve been more personal information like Social Security numbers, driver’s license, date of birth,” said Debra Jack, Bank of the West spokeswoman. “We don’t have conclusive evidence that personal information was taken, but we sent those letters as a precaution.”
Once the company identified the source of the breach as its online application system that had been retired earlier in 2013, security personnel disabled the affected servers and began an investigation with the FBI.
“Whenever there is a breach involving (personally identifiable information), people should be concerned,” said Michael Locatis, former assistant secretary of cybersecurity at the U.S. Department of Homeland Security. “There’s more and more of this with retailers and everything else.”
Bank of the West employs 10,000 people in 600 branch locations in 19 states, including five in Colorado.
Nearly two months passed between the discovery of the breach and the time that the notification letters were sent, yet the company says it communicated as soon as it could.
“We wanted to make sure we had all the materials and presented the most accurate information we could,” Jack said. “We are working with forensic experts and law enforcement to investigate it fully.”
The news comes as the U.S. government debates potential legislation related to cybersecurity threats and businesses’ responsibility to their consumers.
Kristen Leigh Painter: 303-954-1638, kpainter@denverpost.com or twitter.com/kristenpainter