Saturday, May 31, 2008

BoNY 4.5 Million Consumer's Data Loss


This just in from the "when will they ever learn" file.

The Bank of New York (BNY Mellon) waited 8 weeks
beyond the Connecticut legal requirement to inform the
public of this very serious data loss involving
unencrypted personal information.

"On February 27, 2009, BNY Mellon was
transferring a load of computer tapes
containing information including names,
addresses, dates of birth and Social
Security numbers, when it lost a tape
carrying data on about 4.5 million people.

Under Connecticut state law, banks are
required to immediately notify customers
when such information is lost, but BNY Mellon
did not notify People’s of the true extent of the
breach until mid-May, some eight weeks later."

This is the second major data loss incident this
year for the Bank of New York, which is the world's
largest custodian of assets.

According to a statement released by the bank
involving this second data security breach on
April 29th:

"... a backup data-storage tape containing
images of scanned checks and other payment
documents was lost while being moved from
Philadelphia to Pittsburgh, spokesmen for
the bank said Friday. It involved data of
47 institutional clients..."

Two-time loser overall and two-time loser
of unencrypted data.

Even worse, with BoNY apparently violating
a Connecticut law by failing to report
the data breach in the required
timely manner, it has now brought on the
wrath of the state's governor, who requested
that subpoenas be issued related to the loss of
bank customer data being transported.

Compounding the multiple events of data loss
of unencrypted, highly sensitive consumer data
is the suspicion that BoNY attempted to break
the law by not informing consumers in a timely

Is it perhaps because BoNY Mellon did not actually
know just whose data was lost, so they were unable
to notify the correct individuals negatively impacted
by these data losses?

"We'd like to provide people with a more current
characterization [of what happened], but we are
not yet in a position to make that available,"
said BNY Mellon spokesman Ron Sommer. "Our
intention is to make it available as soon as we can."

Well, it seems the governor also wants the facts
straight for the record:

"... subpoenas seek details about the extent of
the data breach, the timeline and conditions
surrounding the tape loss, copies of any law
enforcement or security reports filed
following the loss, the names and addresses
of all Connecticut customers whose names
were included in any of the missing files and
other pertinent facts."

Meanwhile, a class action lawsuit has been
filed seeking 7 years of credit monitoring
services for the 40 individuals represented.

The Bank of New York (BNY Mellon Corp.)
has, to its credit, offered 1 year of free
credit monitoring services to anyone
who has been negatively impacted.

So, our tip for today is directed towards
any of the 4,500,000 individuals who may
have been needlessly exposed to the potential
for identity theft and credit fraud.

Contact the Bank of New York immediately
to seek more information on safeguarding
your accounts as well as to get details of
their 1 year of free credit monitoring offer.

(212) 495-1784


(412) 234-5000

Finally, make sure to tell a friend or associate
of this important development involving the
opportunity for large scale identity theft so
they may also seek immediate preventative

PS: With such a large scale, repeated data loss
involving the industry leader in assets data,
credit monitoring alone will not protect you
from identity theft - here's why.


At 12:45 PM, Anonymous Anonymous said...

What, 8 weeks isn't time enough to figure out whose data they lost?

This makes me very angry to learn once again the identity thieves had a 2 month head start with our social security numbers to wreak havoc.

Thanks, Agent99, for helping to raise awareness on this one.

At 12:47 PM, Anonymous Obama Man said...

How much you want to bet corporate profits had everything to do with the delay in notifying consumers again of their 2nd data loss from the same financial institution?

At 1:08 PM, Anonymous Credit Hawk said...

Looks like BoNY has taken over the prestigious standing formerly held by Chase Banks and BofA with multiple occurrences of data loss.

At 1:11 PM, Anonymous IT Security Guru said...

Unencrypted data loss again associated with backups.

Come on - even p.c. back up software has the option to encrypt the data during a backup.

Sounds like to me someone was just lazy or didn't care to wait the longer time it takes to encrypt that sensitive data.

I wonder if they would have selected that option if they knew their own social security number and date of birth was included within that batch?

At 1:12 PM, Anonymous Data Rambo said...

I suspect it was just good 'ole American laziness.

At 1:15 PM, Anonymous Anonymous said...

You know, this makes me wonder just how many times these multiple, large scale data breaches occur when the company has or is merging with another firm?

Sounds like to me a disgruntled I.T. manager just decided to screw the company over since his job was most likely going away from post merger with Mellon Corp.

He could probably make more money allowing those names to be conveniently "lost" to identity thieves who will pay top dollar for the type of information BoNY let out of a secure status.

At 1:17 PM, Anonymous Data Sec said...

"...the largest provider of asset.."

Does that mean like "trust" info?

(See the irony in that?)

At 3:44 PM, Anonymous Anonymous said...

I just received notice today my information was included on the tapes. The notice does say they are now offering 24 months of credit monitoring and $25,000 worth of identity theft insurance.

At 6:18 AM, Anonymous My Personal Finance Blog said...

"obama man" I think in 1 year. This is a very serious issue though

At 11:35 PM, Blogger Chester said...

HapiBlogging to you my friend! Have a nice day!

At 2:49 PM, Blogger Contributing Author said...

Definitely not all that surprising, but simultaneously pretty scary. It's for reasons like this that I try to shop at brick-and-mortar stores, I never carry vital info with me, and I give my high security shredder pretty much daily! The age we live in...

At 4:12 AM, Anonymous Data Loss Prevention said...

Something similar happened to the Bank of Ireland.
For that same reason, the software to prevent data is very important. The problem is not just losing data; it is also preventing theft of it.
The loss of data is very expensive, but can be effectively prevented. There are many systems available for companies (every day you can find more and better software).
The cost of prevention is always less than the cost of loss, and even if there is no loss, the cost is worth it: Safety is the first, for your business and your customers!
It is not so difficult to prevent, but it is really hard to heal this damage!

