BreachOfPrivacy
Office of the Privacy Commissioner of Canada | Personal Information Protection and Electronic Documents Act | Incident Summary #13 | Resolved

Incident Summary #13: Fraudster targets financial institution employees and then customers to obtain personal information

Organization: A Canadian financial institution
Decision: Feb 18, 2016
Published: Feb 18, 2016

This report details an incident where a fraudster impersonated an unknown individual to trick a financial institution's employees into revealing customer contact information. The fraudster then used this information to extract further personal details from approximately 100 customers, increasing their risk of identity theft. The financial institution took immediate steps to mitigate the breach, including offering credit monitoring and enhancing staff training.

  • Effectiveness of internal controls to prevent unauthorized disclosure of personal information
  • Adequacy of breach response and mitigation measures
  • Risks of identity theft and fraud due to personal information disclosure

Incident reported and addressed

The financial institution proactively reported the incident to the OPC, conducted an investigation, notified affected customers, provided credit protection, and implemented enhanced controls and training to prevent recurrence. These actions led to a resolution of the matter.

AI-generated summary for reference only. Always verify against the official decision.

Recommended action / remedy

The financial institution offered complimentary credit protection monitoring to affected customers and implemented enhanced internal controls and staff training.

This summary is for informational purposes only and does not constitute legal advice.