As reported by Bloomberg, a new TD Bank staffer tasked with spotting money laundering in New York allegedly leaked customer details to a criminal network via Telegram. Detectives found images of 255 checks and personal information from nearly 70 customers on her phone.
Strengthening Internal Controls to Combat Insider Banking Threats
Such breaches are appearing across the U.S. banking system. While banking scams often seem random, victims report that fraudsters frequently possess detailed knowledge of their finances. The banking industry’s lowest-paid employees continue to be a critical link in protecting sensitive customer information.
“The more employees with access to sensitive data, the higher the risk of abuse,” said R.J. Cross of U.S. Public Interest Research Group. Effective internal controls and technical safeguards are necessary to prevent insiders from exploiting customer data.
Déjà Vu? Why Insider Data Breaches Continue to Plague Banks
Warnings about insider banking leaks have persisted for years. In 2014, New York’s then-attorney general, Eric Schneiderman, urged major banks to strengthen internal defenses following an investigation into an identity-theft ring involving bank tellers. Schneiderman’s study found insider leaks were already rising, often with the intent to commit fraud.
The Growing Threat of Elder Financial Fraud
Concerns about financial scams are intensifying as U.S. retirees, holding record levels of wealth, face increasing elder fraud, with estimated annual losses surpassing $28 billion. Bank lobbyists continue to resist legislation that would require firms to take more responsibility for customer losses.
Recent busts indicate that banks have not yet found a way to prevent employees from selling access to sensitive financial data. Some employees collaborate with local fraudsters, often for minor check fraud schemes. However, sophisticated bank scams are expanding, leaving victims responsible for their own financial losses.
Navy Federal Breach: How Customer Data Was Sold on the Dark Web
One example involves Wade Helms of Navy Federal Credit Union, who allegedly sold customer data on the dark web. Authorities found he had recorded personal details in a notebook and used Telegram to connect with fraud brokers. A chatroom called “Navy Wave” allegedly advertised stolen customer accounts, with Helms leaking information on at least 50 accounts.
Helms pleaded no contest to 11 charges and received 10 years’ probation, along with a $9,100 restitution order. Navy Federal stated they take all precautions to protect customer data and continuously enhance security measures.
TD Bank’s $3.1 Billion Settlement: A Costly Lesson in Banking Compliance
TD Bank’s $3.1 billion settlement with U.S. authorities for failing to prevent money laundering revealed that cost-cutting weakened internal safeguards. Federal investigators found employees accepting bribes to open fraudulent accounts linked to illicit funds transfers.
A New York branch manager stole over $200,000 from an elderly client by manipulating account details even after the retiree’s death. Another TD Bank employee, Daria Sewell, was accused of distributing images of customer checks via Telegram to a fraud network involved in a $500,000 check scam. TD Bank emphasized that these employees do not represent the integrity of its 30,000 staff members.
Solutions for Banks Struggling to Secure Customer Data
Outsourcing exacerbates security gaps. In Louisiana, federal prosecutors uncovered a check-fraud ring involving employees of international call center Teleperformance, who allegedly sold account details of elderly USAA customers. One scheme involved a Teleperformance employee providing fraudsters with a list of high-balance accounts, which were then exploited.
The three employees pleaded guilty to bank fraud conspiracy. One defendant’s attorney noted she had minimal education, worked remotely, and received little to no training on handling sensitive data.
“We fully cooperated with authorities and terminated the employees as soon as we were made aware,” a Teleperformance representative stated. The company claims to limit employee access to customer accounts, but cases like these highlight the vulnerabilities of outsourcing critical financial data functions.
Banks continue to face mounting pressure to secure customer data from both external hackers and internal threats. While technology improves, insider leaks remain an ongoing risk that financial institutions must address with stronger internal controls and proactive fraud monitoring.
The full story on bank scams resulting from leaked data can be found at Bloomberg.
