IE 11 is not supported. For an optimal experience visit our site on another browser.

Massive bank security breach uncovered in N.J.

In court Thursday, Orazio Lembo was described as the alleged ring leader of what police say was a massive effort to steal bank account information: 500,000 accounts and personal information. NBC's Tom Costello reports.

In court Thursday, Orazio Lembo was described as the alleged ring leader of what police say was a massive scheme to steal 500,000 bank accounts and personal information, then sell it to bill collectors.

Lembo's alleged accomplices included branch managers and employees from some of New Jersey's biggest banks, including Bank of America, Wachovia and Commerce Bank.

All of them are accused of turning over customer bank account numbers and balance information for a profit of $10 per account. Even a state employee is accused of providing private information from state employment files.

"In some cases, the bank employees printed out entire customer computer screens and turned them over to Lembo," says Hackensack, N.J. chief of police Charles Zisa. "That information was then sold to his clients, which included more than 40 law firms and collection agencies."

Investigators say Orazio Lembo operated his company, DRL & Associates, out of his home, paying his accomplices tens of thousands of dollars over a four-year period, then allegedly re-selling that information for a profit of several million dollars to debt collectors and law firms.

Bank customers approached by NBC News couldn't believe it.

"It's horrible," says customer Adele Maldonado. "Not just for myself but for everyone else in town who banks here."

Security experts say the New Jersey case illustrates once again the vulnerability of private information, even when it’s supposed to be safe inside your bank.

"One of the things we're starting to realize is that personal information alone — your name, your address, your Social Security numbers, your bank account information, your credit information — has great economic value," says Mark Rasch, a computer security expert with the firm Solutionary, Inc.

Investigators are now trying to determine how that information was used by the debt collectors and lawyers, and whether they knew it had been obtained illegally.