Bank of New York Mellon loses data on 4.5 million

Share this article:
An unencrypted backup tape holding the personal information of about 4.5 million Bank of New York Mellon customers disappeared three months ago while in possession of a third-party vendor, the Connecticut attorney general announced Wednesday.

The attorney general, Richard Blumenthal, said in a statement that hundreds of thousands of Connecticut residents may be affected.

“This security breach seems highly dangerous, indeed possibly devastating in light of the identity theft threat,” said Blumenthal, a noted privacy advocate.

The storage tape, which contained the sensitive information of Bank of New York Mellon Shareholder Services customers, was lost Feb. 27 en route to a storage facility, Blumenthal said.

Archive Systems, a New Jersey-based records storage company, successfully delivered nine other tapes. A company spokesman, Craig Abramson, told SCMagazineUS.com that the firm could not comment due to confidentiality agreements it signs with customers.

Blumenthal said he was upset victims did not learn of the breach until this week, when People's United Bank notified his office. Based in Bridgeport, Conn., People's United Bank provided the Bank of New York Mellon with customer information so it could offer customers “an investment opportunity.”

“I am especially concerned by the delay in informing consumers, possibly heightening the risks of wrongdoing,” he said. “The loss of this tape -- so far unrecovered and unremedied -- is inexplicable and unacceptable.”

A Bank of New York Mellon statement, emailed to SCMagazineUS.com, said the company, upon learning of the lost tape, immediately launched an investigation, contacted authorities and introduced procedures to prevent a similar breach in the future. The bank plans to offer one year of free credit monitoring to affected individuals.

“Shareowner Services has no evidence suggesting that any of the data has been inappropriately accessed or used,” the statement said. “Communications with affected shareowners include that assurance.”

A bank spokesman could not be reached for comment to determine why the tapes were not encrypted.
Share this article:

Sign up to our newsletters

More in News

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than ...

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish speaking victims, which also appears to be the native language of attackers.