[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Bank of the West security contact?
- To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Bank of the West security contact?
- From: Kristian Erik Hermansen <kristian.hermansen@xxxxxxxxx>
- Date: Mon, 17 Mar 2014 09:15:50 -0700
Just wanted to post a follow-up to this and provide some context to
make it known:
* Bank of the West was contacted in 2011 to report a security issue
* No response for 2 years
* In late 2013, I receive a breach notification saying my own
sensitive personal information was compromised via the EXACT SAME
ISSUES I REPORTED. I also am led to believe employee information was
compromised, which may include Social Security Number (SSN) details.
Conclusions?
* Bank of the West has NO WORKING SECURITY REPORTING MECHANISM for
outside researchers and NO BUG BOUNTY PROGRAM
* Bank of the West does not seem to take security and privacy
seriously enough, as far as I can tell
You should know this if you are an existing or potential customer /
employee of Bank of the West...
On Fri, Feb 7, 2014 at 9:27 PM, Kristian Erik Hermansen
<kristian.hermansen@xxxxxxxxx> wrote:
> Anyone have security contact at Bank of the West?
> --
> Kristian Erik Hermansen
> https://www.linkedin.com/in/kristianhermansen
> https://profiles.google.com/kristian.hermansen
--
Regards,
Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
https://google.com/+KristianHermansen
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/