A colleague was notified today by his bank, BBVA Compass, that his account was likely involved in a breach and that shortly his debit card was going to be cancelled and he would be issued a new one. He went to a branch office to deposit a check and asked the teller why a recording from the bank called the day before asking him to call back for important information(confirming that it was not a robo-call). His point was if it was really important shouldn’t a person have been on the other end of the line?
It is a good sign to see the bank taking a more proactive approach to protect their clients’ personal information in the early stages of a breach response. The phone call leaving only a call back number may have been an effort to reduce the chance that a slowly awakening public might think this was an elaborate Social Engineering campaign playing off their fear from the recent Target breach or there may be some self-interest necessitating BBVA Compass’ proactive response. However this story unfolds it does not change the benefit of this early and decisive response for their clients.
We have been unable to substantiate or confirm any additional details about this breach. For now, well done BBVA, for taking care of your customers. If any additional details surface, we will update this blog post.