Operation "Gold Donkey" Steals Bank Account Info from Millions

According to investigative reporters for WirtschaftsWoche, 21 million Germans have had their personal information stolen along with their bank account and bank code numbers. The thieves are offering to sell the data for 12 million euros (about 15.3 million dollars). It is believed the scammers gathered the data by using employees at financial institution call centers.

Could this happen in the U.S.?

It certainly could. Privacy laws throughout Europe are generally tighter than U.S. laws and Germany is among the tightest. Low employee morale, caused by a deteriorating job market and chaos within the financial sector makes crimes like this more likely. I'm sure it's tempting for employees to grab whatever data they can as they're shown the door or maybe they're just looking to add to a mediocre salary. Whatever the reason, it may be time to buckle up and prepare for a bumpy ride.

What could criminals do with this data? Make bank withdrawals.

Criminals can use the bank account info to make withdrawals - either big or small. A .57 cent bank withdrawal from 21 million accounts still ads up to... ummm... let me get my calculator out... $11.97 million dollars. And that's this month, and next month, and the next month, etc. until they're caught or they decide to make a big withdrawal and run.

Here's their strategy, detailed in an IT World article:

Although banking passwords were apparently not included on the CD, criminals would be able to use this data to withdraw funds from a victim's account, said Thierry Zoller, an independent security consultant based in Luxembourg.

Scammers could use this type of information to initiate a large number of debits from German banks, making each withdrawal small in hopes that it would not be noticed by the victim, he said.

This is why carefully checking your bank records is important. If you see a unexplained entry - even if it's small - you should track it down until you understand where it came from. Otherwise you might unexpectedly see a much bigger withdrawal from the same source somewhere down the line.

More about this story at the WirtschaftsWoche in English and German.

You can also find coverage at The Register, and IT World.