State officials try to determine scope of bank breach

Share this article:
Connecticut Gov. M. Jodi Rell announced on Friday that she is directing the state consumer protection commissioner to issue another two subpoenas in connection to the lost Bank of New York Mellon backup tape, which contained the unencrypted personal information of an estimated 4.5 million customers.

The subpoenas will be issued to Charlotte, N.C.-based Wachovia and Connecticut-based Webster Bank, said the governor, who already has ordered the issuance of subpoenas to People's United Bank and Bank of New York Mellon.

"Any of the banks that were selected have been identified as institutions that had information that were breached or potentially breached when the tape went missing," Rich Harris, a spokesman for the governor, told SCMagazineUS.com on Friday. "It's an information gathering process. It's not intended to point fingers at anyone."

He said the purpose of the subpoenas is to determine the scope of the breach and whether any laws were violated when the tape went missing three months ago.

Harris said he did not know the relationship between Wachovia and Webster banks and Bank of New York Mellon.

People's United Bank has already acknowledged it provided Bank of New York Mellon with customer information so it could offer consumers an investment opportunity, the Connecticut Attorney General's Office has said.

"Wachovia has called here to say they did not lose any customer data, but they did lose employee benefit information," Harris said.

He did not know about Webster Bank. A Webster Bank spokesman did not respond to a request for comment on Friday.

Ronald Sommer, a Bank of New York Mellon spokesman, told SCMagazineUS.com on Friday that the company cannot comment on other financial services firms whose customer data may have been on the tape.

"We cannot speak to client relationships," Sommer said. "It's hugely frustrating to be in the midst of a situation where other parties are speaking to our client relationships, but we can't address them. As onerous as I know it sounds, we have to defer to our clients. That's their decision to make whether they want to acknowledge their involvement."

Rell said in a statement that she is also upset by the delay in notifying victims about the breach. The missing tape was in possession of records management firm Archive Systems, charged with moving the data to a storage facility, when it went missing Feb. 27, Connecticut officials have said. Nine other tapes safely arrived at their destination.

Bank of New York Mellon has since severed ties with Archive Systems and contracted with a new data archiving service provider, Sommer said.

"I am gravely concerned by the unacceptable delay between the loss of information and the notification to affected customers," Rell said. "The possibility that customers of additional banks are affected only adds to the problem."

Bank of New York Mellon said Thursday in a statement that upon learning of the lost tape, it immediately contacted authorities and launched an investigation.

The bank plans to offer one year of free credit monitoring to victims. So far, none of the data has been misused, the bank said.

Sommer said company policy required the data to be secured, although it did not necessarily mandate encryption. The bank is reviewing its policies.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Skills in demand: Communications and messaging experts

Skills in demand: Communications and messaging experts

The demand for infosec-focused communications and messaging pros is growing.

Company news: New execs at Malwarebytes and an acquisition by VMware

The latest mergers and acquisitions and personnel moves, including Malwarebytes, Abacus Group, VMware, Bay Dynamics, vArmour, Secunia, Norse and more.

Bridging the talent gap in health care

Bridging the talent gap in health care

Cybercriminals are primarily after patient data as it really gets them more money.