B of a won't tell you when your own account was hacked without warrant or subpoena

1 points by kid64 ↗ HN
A loved one recently had the surreal experience of logging into their online banking account to find that key account details had been manipulated without authorization. Specifically, a new phone number and email address had been added, and the type of the existing primary phone number had been changed. The account had been hacked, and the hacker appeared to be in the process of laying the groundwork necessary to assume exclusive control of the account.

Almost immediately, the question arose: when did this happen? This is not just a matter of curiosity. The unauthorized access would have provided the hacker with details on thousands of private financial transactions, each potentially connected to one or more other people. If anyone else suffered some level of exposure because of this breach, there is a moral obligation to advise them of such. To get an idea of the scope of exposure, it's important to know when the attack occurred. Bank of America obviously has this basic, non-identifying information. But in the event of an attack, will they share it with the affected customer? Having just been through this process, the answer is very disconcerting: "no, not without a warrant or subpoena".

The only rationale I can imagine that seems remotely understandable makes me equally uneasy: the less a customer knows about an attack on their own account, the more difficult it is to identify potential negligence on Bank of America's part that made the attack possible.

An interesting example of customer-hostile priorities by a large retail financial institution -- but as we search for a new bank, I'd love hear of others, along with any known remedies.

1 comment

[ 2.7 ms ] story [ 14.8 ms ] thread
Sounds about right....

Credit Union all the way. Never looked back!

BoA = Bend Over America. Take all your money out and put into local credit union.