Latest story of data gone missing
Last modified on Monday, 02 June 2008 10:10
In yet another story of an institution losing confidential customer data, officials from the Bank of New York Mellon Corporation have confirmed that a box of unencrypted data storage tapes containing the confidential and private information of more than 4.5 million customers was lost more than three months ago. As in other stories recently reported, the data was lost by a third-party vendor during transport to an off-site storage facility.
The Bank of New York Mellon Corporation last week informed the Connecticut State Attorney General's Office that tapes belonging to its BNY Mellon Shareowner Services division were lost in transport by the offsite storage firm, Archive America, on February 27th. It is quite interesting to note that the Bank waited more than three months to report this incident. The missing backup tapes were reported as including customer names, birthdays, Social Security numbers and other information from both customers of BNY Mellon and the People's United Bank of Bridgeport, Connecticut.
Archive America refused to comment about the missing backup data storage tapes, claiming confidentiality agreements prohibited it from doing so. BNY Mellon Shareowner Services indicated that it has begun notifying affected clients. As in similar cases of hijacked data storage information, the Bank claims that none of the unencrypted data has been accessed or used.
The Attorney General of Connecticut, Richard Blumenthal, was outraged by the Bank's offer of a year of free credit monitoring to those affected as "grossly inadequate." He also expressed anger at the Bank for not promptly notifying customers of the security breach. And apparently some of the data tapes in the transport van did arrive safely at the Archive America storage facility, while the Bank has not explained how only some of the tapes were stolen.
"The loss of this tape - so far unrecovered and unremedied - is inexplicable and unacceptable," wrote Blumenthal. "I am especially concerned by the delay in informing customers, possibly heightening the risks of wrongdoing."
Kind of makes you wonder how a huge banking institution that manages billion of dollars and investments can screw up something as routine as backup data storage. Is the Bank so cheap that they are cutting corners with their data storage practices? It is hard to image that at some point this data will not be accessed and used as the goldmine that it is to create phony driver’s licenses, phony social security cards, passports, credit card application fraud, etc.
At least 40 individuals whose data was compromised have banded together and filed a class action lawsuit against the Bank, asking for seven years’ of free credit monitoring, credit insurance and other damages.