On November 6, 2019, Wells Fargo Bank, N.A. discovered a data breach linked to KDW Automotive, where an employee mistakenly sent an email containing sensitive personal information to an unintended financial institution. The exposed data included names and Social Security numbers of affected individuals, potentially putting them at risk of identity theft or fraud. The breach was reported to the California Office of the Attorney General in April 2020, highlighting a lapse in data handling protocols. While the incident did not involve malicious cyber activity, the unauthorized disclosure of personally identifiable information (PII) posed significant privacy concerns. The breach underscored the need for stricter email security measures and employee training to prevent similar errors in the future. No evidence suggested the data was misused, but the exposure alone created reputational and compliance risks for Wells Fargo.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-189280
TPRM report: https://www.rankiteo.com/company/wellsfargo
"id": "wel1014090725",
"linkid": "wellsfargo",
"type": "Breach",
"date": "11/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Automotive',
'name': 'KDW Automotive',
'type': 'Business (Automotive)'},
{'industry': 'Banking/Financial Services',
'location': 'California, USA',
'name': 'Wells Fargo Bank, N.A.',
'type': 'Financial Institution'}],
'attack_vector': 'Human Error (Email Misdelivery)',
'data_breach': {'data_exfiltration': 'No (unintentional disclosure via email)',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (includes Social Security '
'Numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2019-11-06',
'date_publicly_disclosed': '2020-04-20',
'description': 'The California Office of the Attorney General reported that '
'Wells Fargo Bank, N.A. discovered a data breach involving KDW '
'Automotive on November 6, 2019. The incident occurred when an '
'email was mistakenly sent to another financial institution, '
'potentially exposing personal information such as names and '
'Social Security numbers of affected individuals.',
'impact': {'brand_reputation_impact': 'Potential (due to exposure of '
'sensitive personal data)',
'data_compromised': ['Names', 'Social Security Numbers'],
'identity_theft_risk': 'High (due to exposure of SSNs)'},
'post_incident_analysis': {'root_causes': 'Human error (email sent to '
'incorrect recipient)'},
'references': [{'date_accessed': '2020-04-20',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California data breach '
'notification laws (e.g., '
'CCPA)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Reported to California Office of the '
'Attorney General'},
'title': 'KDW Automotive Data Breach via Wells Fargo Email Misdelivery',
'type': 'Data Breach (Unintentional Disclosure)'}