In what can only be described as an irresponsible act, an employee of a Wyoming bank sent sensitive customer data to the wrong Gmail account. But it gets better. The employee was only supposed to send loan statements for a customer but somehow sent an attachment that contained personal information for 1,325 banking customers.
A recent article also states:
After realizing what he’d done, the employee “tried to recall the e-mail without success.”
When that didn’t work, the employee sent a second e-mail to the recipient instructing the person to delete the e-mail and attachment “in its entirety” without opening or reviewing it. The employee also asked the recipient to contact the employee to “discuss his or her actions.”
That’s when the bank sued Google to identify the recalcitrant recipient.
Google said it wouldn’t comply without a court order, and even if it does receive a court order, its policy is to notify an account holder and give the person a chance to object to the disclosure of his or her identity. The court is considering the bank’s request.
In the meantime, Rocky Mountain Bank filed a motion last week to seal the entire case until the court decides whether to force Google to reveal the recipient’s name, saying it didn’t want its customers to learn about the breach, because it would create panic and result in a surge of inquiries from customers.
It wants the information under seal until it can determine from Google whether the Gmail account in question is active or dormant, and whether the sensitive customer information is actually at risk of being abused.
A federal judge in San Jose, California denied the bank’s request to seal on Friday.
“An attempt by a bank to shield information about an unauthorized disclosure of confidential customer information until it can determine whether or not that information has been further disclosed and/or misused does not constitute a compelling reason that overrides the public’s common law right of access to court filings,” wrote Judge Ronald Whyte in his ruling, noting that the bank doesn’t have to wait to advise customers that an unauthorized disclosure of information occurred.
This just goes to show that we have to watch out not only for hackers but also for dumb bank employees.