Bank of New York Mellon loses data on 4.5 million
An unencrypted backup tape holding the personal information of about 4.5 million Bank of New York Mellon customers disappeared three months ago while in possession of a third-party vendor, the Connecticut attorney general announced Wednesday.The attorney general, Richard Blumenthal, said in a statement that hundreds of thousands of Connecticut residents may be affected.
“This security breach seems highly dangerous, indeed possibly devastating in light of the identity theft threat,” said Blumenthal, a noted privacy advocate.
The storage tape, which contained the sensitive information of Bank of New York Mellon Shareholder Services customers, was lost Feb. 27 en route to a storage facility, Blumenthal said.
Archive Systems, a New Jersey-based records storage company, successfully delivered nine other tapes. A company spokesman, Craig Abramson, told SCMagazineUS.com that the firm could not comment due to confidentiality agreements it signs with customers.
Blumenthal said he was upset victims did not learn of the breach until this week, when People's United Bank notified his office. Based in Bridgeport, Conn., People's United Bank provided the Bank of New York Mellon with customer information so it could offer customers “an investment opportunity.”
“I am especially concerned by the delay in informing consumers, possibly heightening the risks of wrongdoing,” he said. “The loss of this tape -- so far unrecovered and unremedied -- is inexplicable and unacceptable.”
A Bank of New York Mellon statement, emailed to SCMagazineUS.com, said the company, upon learning of the lost tape, immediately launched an investigation, contacted authorities and introduced procedures to prevent a similar breach in the future. The bank plans to offer one year of free credit monitoring to affected individuals.
“Shareowner Services has no evidence suggesting that any of the data has been inappropriately accessed or used,” the statement said. “Communications with affected shareowners include that assurance.”
A bank spokesman could not be reached for comment to determine why the tapes were not encrypted.
