Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bank of NY Loses Tapes With 4.5 Million Clients' Data

Posted by Soulskill on from the way-to-go dept.

Lucas123 brings news that Bank of New York Mellon Corp. has admitted they lost a box of unencrypted data storage tapes. The tapes contained personal information for over 4.5 million people. From Computerworld: "The bank informed the Connecticut State Attorney General's Office that the tapes ... were lost in transport by off-site storage firm Archive America on Feb. 27. The missing backup tapes include names, birth dates, Social Security numbers, and other information from customers of BNY Mellon and the People's United Bank in Bridgeport, Conn., according to a statement by Connecticut Attorney General Richard Blumenthal.

2 of 156 comments (clear)

  1. Unencrypted? by cephah · · Score: 5, Interesting

    I thought you had an obligation to encrypt data containing sensitive personal information such as SSNs when transporting them? In Denmark you are required by law to store such data safely, I wonder if it's any different in the US.

  2. I am one of the people affected by barzok · · Score: 5, Interesting

    I got a letter on Thursday informing me of the breach. It gave this URL: http://www.bnymellon.com/tapequery/

    This page has changed since Thursday. Originally it was only one incident, now it's two. The letter said that I'd get 1 year of credit monitoring at all 3 bureaus, free; when I signed up, I was given (and the page above) two years. The letter said there was no indication that the information had been used, but it also didn't mention what the summary here says - that SSNs and birthdates were on those tapes (I assumed they were).

    What really pisses me off isn't that it happened - it's that it took them three fucking months to inform me.

    I have 2 accounts with them (for the same employer, which is really stupid). One account requires my SSN, the stock ticker, and a 6-digit PIN. Digits only. Not terribly secure - there's only 10^6 possible PINs, my SSN may be in someone's hands, and there are only a couple thousand stock tickers. The other is a seemingly random ID and a 6-31 digit PIN. My previous PIN was 12 characters. The new one is 31.

    I reset both my PINs Thursday night, which took about half an hour - the sites, while not normally speed demons, were obscenely slow that night. I'm hoping it's because people were changing their PINs.