Reconnex Alert: Multiple Banks Involved in What Officials Say May Be Largest Case of Identity Fraud in Banking Industry to Date
Enterprise Risk Management Firm Reconnex Provides Technology, Legal, and Information Security Experts as Resources
MOUNTAIN VIEW, Calif., MAY 25, 2005—Reconnex, the expert in enterprise risk management systems, has multiple expert resources available to comment on what officials are saying may be the largest security breach in the banking industry to date. At least four banks, including Bank of America Corp. and Wachovia Corp., are notifying a combined total of over 670,000 customers that their private data may have been compromised (see ‘Available Resources’ below).
What Happened:
Developments in this case have confirmed that Bank of America Corp. is notifying up to 60,000 of its customers, while Wachovia Corp. is currently notifying more than 40,000 customers that their personal account information has been stolen. Account information was illegally sold by bank employees to a man identified as Orazio Lembo, who police said was doing business by illegally posing as a collection agency.
How it Happened:
Based on forensic examination of Lembo’s computers, it was determined that he was working with several upper-level bank employees to access and identify personal account information of their customers. Lembo would then sell the information to his clients, which included over 40 law firms and collection agencies. The FBI eventually caught Lembo by setting up a bogus law firm to pose as a customer for Lembo’s stolen information. Along with Lembo, seven bank employees are also being charged.
How Reconnex Could Have Helped:
By monitoring all the electronic communication leaving the bank – particularly the information containing private customer data (credit card numbers, social security numbers, bank statements, balances, addresses, and phone numbers) and creating a forensic record of the suspicious activities – the Reconnex system would have provided the information needed by investigators immediately – not months later.
Using the unique forensic capabilities available only in the Reconnex system, investigators would have been provided with all the communications between bank employees and Lembo (including email, Webmail, instant messaging, etc.), providing evidence that FBI investigators could use to track down the suspects immediately.
After completing nearly 100 Reconnex 48-Hour e-Risk Rapid Assessment™ deployments, Reconnex has found that one of the biggest vulnerabilities affecting financial institutions is the trusted insider who has access to customers’ private data and then leaks this information out of the bank using Webmail. Prior to Reconnex’s system, a solution that could provide a forensic record of the information leaving a financial institution was unavailable.
What the Experts are Saying:
"Without exception, every Reconnex 48-Hour e-Risk Assessment in the financial services industry has revealed trusted insiders leaking customers' private data to personal webmail accounts" said Donald J. Massaro, CEO Reconnex Corporation. "Every single institution had already spent millions to establish controls to protect this data. Each were shocked to find hidden threats coming from inside their organization – threats they could not see before our assessment, but threats that were easy to fix after the assessment. These banks continue to monitor the activity of insiders because they know the insider is where the majority of security breaches originate."
Analysts agree that over 85 percent of information leaks and electronic security breaches at today’s corporations originate within the network. Enterprise risk management solutions close the loop on network security, monitoring, detecting, and reporting on the activity of all information on the network – including what trusted insiders do with customer private data – to ensure the protection of confidential information.
Available Resources:
If you are currently seeking comment from technology, legal, or information security experts regarding the Bank of America and Wachovia security breaches, Reconnex can offer the following resources:
- Donald J. Massaro, CEO Reconnex – Reconnex provides Fortune 1000 companies an appliance-based internal network security platform that analyzes, identifies, and registers both known and unknown risks. Massaro has over 30 years of experience working with and running successful Silicon Valley security startups.
- Steve Bochner, attorney at Wilson Sonsini Goodrich & Rosati – Bochner has more than two decades of experience in practicing corporate and securities law. Steve frequently speaks on a variety of securities law topics for the Practising Law Institute and Glasser Legalworks. He was a recent panelist at the SEC's Small Business Forum.
- Ed Kozel, former CTO of Cisco – Kozel, who was responsible for putting Cisco into the firewall business and is a recognized expert on network security, currently resides on Reconnex's board of directors.
- Dan Verton, author – Verton is a journalist who wrote the book "Black Ice," which focuses on the state of internal threats taking place in today’s corporate environments. Verton is a former intelligence officer for the U.S. Marines and has spoken at the Library of Congress and United Nations as a recognized expert on national cyber security, defense, and intelligence issues. Dan has appeared on CNN and delivered briefings to government agencies including the Secret Service and NASA counterintelligence groups.
To speak with any of the aforementioned resources, please contact Robb Henshaw at Engage PR at (510) 748-8200 ext. 217 or on his mobile at (925) 639-0364.
Reconnex’s inSight platform is the only comprehensive solution that detects and reports on the "insider" security risk to customer private data and ensures regulatory compliance and protection against identity theft. Reconnex’s inSight platform allows customers to respond immediately to all levels of electronic risks, prevent negative financial impacts of these risks, and provide the ability to correlate incidents "after-the-fact," if a forensic investigation is needed.
About Reconnex
Reconnex is the leading provider of enterprise risk management (ERM) systems that reveal and address compliance risks, competitive risks, corporate governance risks and critical infrastructure risks. Reconnex enables Fortune 1000 companies, government organizations, and smaller healthcare and financial services companies to protect their brands, shareholder value, and mission critical operations by revealing hidden risks in the first 48 hours of deployment. Without exception, every deployment has enabled these organizations to quickly remediate the risks that could have damaged or destroyed their organization.
Give us two days, we'll show you the risk™. Call Reconnex today at 1-866-940-4590 or visit us on the web at www.reconnex.net.
