Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bank of NY Loses Tapes With 4.5 Million Clients' Data

Posted by Soulskill on from the way-to-go dept.

Lucas123 brings news that Bank of New York Mellon Corp. has admitted they lost a box of unencrypted data storage tapes. The tapes contained personal information for over 4.5 million people. From Computerworld: "The bank informed the Connecticut State Attorney General's Office that the tapes ... were lost in transport by off-site storage firm Archive America on Feb. 27. The missing backup tapes include names, birth dates, Social Security numbers, and other information from customers of BNY Mellon and the People's United Bank in Bridgeport, Conn., according to a statement by Connecticut Attorney General Richard Blumenthal.

7 of 156 comments (clear)

  1. Unencrypted? by cephah · · Score: 5, Interesting

    I thought you had an obligation to encrypt data containing sensitive personal information such as SSNs when transporting them? In Denmark you are required by law to store such data safely, I wonder if it's any different in the US.

  2. Digital leakage is getting to be more like by 3seas · · Score: 3, Interesting

    digital diarrhea...

    So what exactly is homeland security about? Its obviously not about protecting US citizens.

    As a government body, shouldn't homeland security be involved in helping to prevent such digital leakage, even if just setting down the rules to follow and pursuing violators of the rules?

  3. really? again? by knight0wl · · Score: 3, Interesting

    Events like this seem to have become a near-monthly event. I would've thought banks and credit card companies and thier ilk would have learned thier lesson the first time something like this made news and started at least encrypting this stuff. Or at least the second time it happened. Or the third, maybe if we're cutting them a lot of slack. Yes, it's expensive and yes it's hard work, but it'd be less expensive than a potential 4.5 millian lawsuits and less work than the PR mess that they now have to clean up.

    --
    Name-calling, insults, and general rudeness do not increase the chances that someone will suddenly agree with you.
  4. Re:So when is the bank declaring bankrupcy by Vectronic · · Score: 3, Interesting

    http://en.wikipedia.org/wiki/Bank_run

    or skip to:
    http://en.wikipedia.org/wiki/Bank_run#History

    If 4.5 million people is only a fraction of the data the bank had (assuming all data they have is equal to the amount of people they cater to) then if say 20,000,000 people withdrew their money, they'd be fucked, even if they only withdrew $200

    Especially considering the decline of the USD, granted, it probably wouldnt lead to a major event like the 'Great Depression' (although its possible) but it would kill that branch, break some bird eggs, make an omelet, etc.

    If the "Government" bailed them out (which would technically be the bank giving the government money to bail the bank out) the USD would plummet even further to probably mere tens of pennies.

  5. Re:So when is the bank declaring bankrupcy by Hankapobe · · Score: 3, Interesting

    I'm aware of bank runs and what they did in the past in the US. Those days are gone. It would have no effect - even on that particular branch. The Bank of New York is a monster mega bank. It has over 100 Billion dollars in assets. This isn't some local yocal bank that Jimmy Stewart runs. And even then, with FDIC insurance, and the current rules for cash reserves, it won't happen. Regulations have been placed here in the US to prevent such a thing happening.

  6. Re:really? again? by Flamora · · Score: 3, Interesting

    Yes, but you see, the encryption means that the bank itself has to do the work. In the case of lawsuits and PR issues, they have PR people and lawyers to deal with that, so the bank doesn't do much more work than lifting a finger and saying "go, mortal, and do thy job" or something.

  7. I am one of the people affected by barzok · · Score: 5, Interesting

    I got a letter on Thursday informing me of the breach. It gave this URL: http://www.bnymellon.com/tapequery/

    This page has changed since Thursday. Originally it was only one incident, now it's two. The letter said that I'd get 1 year of credit monitoring at all 3 bureaus, free; when I signed up, I was given (and the page above) two years. The letter said there was no indication that the information had been used, but it also didn't mention what the summary here says - that SSNs and birthdates were on those tapes (I assumed they were).

    What really pisses me off isn't that it happened - it's that it took them three fucking months to inform me.

    I have 2 accounts with them (for the same employer, which is really stupid). One account requires my SSN, the stock ticker, and a 6-digit PIN. Digits only. Not terribly secure - there's only 10^6 possible PINs, my SSN may be in someone's hands, and there are only a couple thousand stock tickers. The other is a seemingly random ID and a 6-31 digit PIN. My previous PIN was 12 characters. The new one is 31.

    I reset both my PINs Thursday night, which took about half an hour - the sites, while not normally speed demons, were obscenely slow that night. I'm hoping it's because people were changing their PINs.