Just wanted to post a follow-up to this and provide some context to make it known:
* Bank of the West was contacted in 2011 to report a security issue * No response for 2 years * In late 2013, I receive a breach notification saying my own sensitive personal information was compromised via the EXACT SAME ISSUES I REPORTED. I also am led to believe employee information was compromised, which may include Social Security Number (SSN) details. Conclusions? * Bank of the West has NO WORKING SECURITY REPORTING MECHANISM for outside researchers and NO BUG BOUNTY PROGRAM * Bank of the West does not seem to take security and privacy seriously enough, as far as I can tell You should know this if you are an existing or potential customer / employee of Bank of the West... On Fri, Feb 7, 2014 at 9:27 PM, Kristian Erik Hermansen <kristian.herman...@gmail.com> wrote: > Anyone have security contact at Bank of the West? > -- > Kristian Erik Hermansen > https://www.linkedin.com/in/kristianhermansen > https://profiles.google.com/kristian.hermansen -- Regards, Kristian Erik Hermansen https://www.linkedin.com/in/kristianhermansen https://google.com/+KristianHermansen _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
