(credit: Mike Mozart ) Since at least 2011, Wells Fargo employees have been creating fake accounts using customers’ identities to boost their sales numbers, federal regulators said on Thursday. The Consumer Financial Protection Bureau (CFPB) fined the bank $100 million after a third-party consulting firm found that 2 million fake deposit and credit card accounts had been made without the consent of the person whose name was on the account. According to CNN Money, the bank fired 5,300 employees for taking part in the scheme, which constitutes about 1 percent of the bank’s payroll. In order to boost their sales numbers, employees opened 1.5 million deposit accounts and 565,000 credit card accounts on customers’ behalf but without authorization from those customers. “Employees then transferred funds from consumers’ authorized accounts to temporarily fund the new, unauthorized accounts,” the CFPB wrote. “This widespread practice gave the employees credit for opening the new accounts, allowing them to earn additional compensation and to meet the bank’s sales goals.” Read 7 remaining paragraphs | Comments
Read More:
5,300 Wells Fargo employees fired after 2 million fake accounts discovered
dcblogs writes from a report via Computerworld: The University of California is laying off a group of IT workers at its San Francisco campus as part of a plan to move work offshore. Laying off IT workers as part of a shift to offshore is somewhere between rare and unheard-of in the public sector. The layoffs will happen at the end of February, but before the final day arrives the IT employees expect to train foreign replacements from India-based IT services firm HCL. The firm is working under a university contract valued at $50 million over five years. This layoff affects 17% of UCSF’s total IT staff, broken down this way: 49 IT permanent employees will lose their jobs, along with 12 contract employees and 18 vendor contractors. This number also includes 18 vacant IT positions that won’t be filled, according to the university. Governments and publicly supported institutions, such as UC, have contracted with offshore outsourcers, but usually it’s for new IT work or to supplement an existing project. The HCL contract with UCSF can be used by other UC campuses, which means the layoffs may expand across its 10 campuses. HCL is a top user of H-1B visa workers. Read more of this story at Slashdot. 
River Tam quotes a report from CSO Australia: Enterprise access management firm OneLogin has suffered an embarrassing breach tied to a single employee’s credentials being compromised. OneLogin on Tuesday revealed the breach affected a feature called Secure Notes that allowed its users to “store information.” That feature however is pitched to users as a secure way to digitally jot down credentials for access to corporate firewalls and keys to software product licenses. The firm is concerned Secure Notes was exposed to a hacker for at least one month, though it may have been from as early as July 2 through to August 25, according to a post by the firm. Normally these notes should have been encrypted using “multiple levels of AES-256 encryption, ” it said in a blog post. Several thousand enterprise customers, including high profile tech startups, use OneLogin for single sign-on to access enterprise cloud applications. The company has championed the SAML standard for single sign-on and promises customers an easy way to enable multi-factor authentication from devices to cloud applications. But it appears the company wasn’t using multi-factor authentication for its own systems. OneLogin’s CISO Alvaro Hoyos said a bug in its software caused Secure Notes to be “visible in our logging system prior to being encrypted and stored in our database.” The firm later found out that an employees compromised credentials were used to access this logging system. The company has since fixed the bug on the same day it detected the bug. CSO adds that the firm “also implemented SAML-based authentication for its log management system and restricted access to a limited set of IP addresses.” Read more of this story at Slashdot. 
An anonymous reader quotes a report from Reuters: A federal appeals court in California on Monday dismissed a U.S. government lawsuit that accused ATT Inc of deception for reducing internet speeds for customers with unlimited mobile data plans once their use exceeded certain levels. The company, however, could still face a fine from the Federal Communications Commission regarding the slowdowns, also called “data throttling.” The U.S. Court of Appeals for the Ninth Circuit said it ordered a lower court to dismiss the data-throttling lawsuit, which was filed in 2014 by the Federal Trade Commission. The FTC sued ATT on the grounds that the No. 2 U.S. wireless carrier failed to inform consumers it would slow the speeds of heavy data users on unlimited plans. In some cases, data speeds were slowed by nearly 90 percent, the lawsuit said. The FTC said the practice was deceptive and, as a result, barred under the Federal Trade Commission Act. ATT argued that there was an exception for common carriers, and the appeals court agreed. Read more of this story at Slashdot.