Some companies shield others’ names in their breach notifications. Others are not averse to naming names. Consider this breach notification from W.J. Bradley Mortgage Capital:
The purpose of this letter is to notify you of a breach of some personal information that you disclosed to W.J. Bradley Mortgage Capital, LLC (“WJB”) in connection with a loan transaction. While this personal information was taken from WJB’s computer systems, we believe that it has been contained, not distributed to the public at large, that WJB has retrieved the information, and that such information was scrubbed from the offending parties’ systems.
During late July and early August 2013, one of WJB’s former loan officers, Shelly Logemann (“Ms. Logemann”), in concert with another mortgage company, RPM Mortgage, Inc. (“RPM”) took files from WJB’s computer systems, including some of your personal data while she was still employed with WJB. Specifically, the following items were taken: credit reports, social security numbers, bank account information, tax information and other private information contained in loan applications.
After discovering Ms. Logemann and RPM’s breach, WJB obtained a court order requiring the return of all private customer information to WJB, prohibiting the defendants from sending that information to others, and requiring that Ms. Logemann and RPM destroy all copies of the information in their possession. WJB was only recently able to confirm that your personal data was involved in this concerning incident.
You can read the rest of their December 20th breach notification letter to affected clients here (pdf).
The letter doesn’t explain when WJB first learned of the breach or how they learned of it, or why it took so long for them to figure out whose data were involved. Nor does the letter indicate whether RPM Mortgage had any knowledge of the employee’s actions. If someone has access to the court records and would like to provide more details, use the Comments section below.