BoNY 4.5 Million Consumer's Data Loss
This just in from the "when will they ever learn" file.
The Bank of New York (BNY Mellon) waited 8 weeks
after the Connecticut legal requirement to inform the
public of this very serious data loss involving personal
information which was unencrypted.
"On February 27, 2009, BNY Mellon was
transferring a load of computer tapes
containing information including names,
addresses, dates of birth and Social
Security numbers, when it lost a tape
carrying data on about 4.5 million people.
Under Connecticut state law, banks are
required to immediately notify customers
when such information is lost, but BNY Mellon
did not notify People’s of the true extent of the
breach until mid-May, some eight weeks later."
This is the second major data loss incident this
year for the Bank of New York who is the world's
largest custodian of assets.
According to a statement released by the bank
involving this second data security breach on
"... a backup data-storage tape containing
images of scanned checks and other payment
documents was lost while being moved from
Philadelphia to Pittsburgh, spokesmen for
the bank said Friday. It involved data of
47 institutional clients..."
Two time loser overall and two time loser
of unencrypted data.
Even worse, with BoNY apparently violating
a Connecticut law by failing to report
the data breach within the required
timely manner, it has now brought the
wrath of the states' governor who requested
subpoenas to be issued related to the loss of
bank customer data being transported.
Compounding the multiple events of data loss
of unencrypted, highly sensitive consumer data
is the suspicion that BoNY attempted to break
the law by not informing consumers in a timely
Is it perhaps because BoNY Mellon did not actually
know just who's data was lost so they were unable
to notify the correct individuals negatively impacted
by these data losses?:
"We'd like to provide people with a more current
characterization [of what happened], but we are
not yet in a position to make that available,"
said BNY Mellon spokesman Ron Sommer. "Our
intention is to make it available as soon as we can."
Well it seems the governor also wants the facts
straight for the record as well:
"... subpoenas seek details about the extent of
the data breach, the timeline and conditions
surrounding the tape loss, copies of any law
enforcement or security reports filed
following the loss, the names and addresses
of all Connecticut customers whose names
were included in any of the missing files and
other pertinent facts."
Meanwhile, a class action lawsuit has been
filed seeking 7 years of credit monitoring
services for the 40 individuals represented.
The Bank of New York (BNY Mellon Corp.)
has, to their credit, offered 1 year of free
credit monitoring services to any one
who has been negatively impacted.
So, our tip for today is directed towards
any of the 4,500,000 individuals who may
have been needlessly exposed to the potential
for identity theft and credit fraud.
Contact the Bank of New York immediately
to seek more information on safeguarding
your accounts as well as to get details of
their 1 year of free credit monitoring offer.
Finally, make sure to tell a friend or associate
of this important development involving the
opportunity for large scale identity theft so
they may also seek immediate preventative
PS: With such a large scale, repeated data loss
involving the industry leader in assets data,
credit monitoring alone will not protect you
from identity theft - here's why.