Riding shotgun: Wells Fargo & Co. and Voltage Security
Riding shotgun: Wells Fargo & Co. and Voltage Security

A law firm representing Wells Fargo & Co. may have released account data associated with 50,000 investment accounts to an unauthorized recipient, according to a published report.

Bloomberg News is reporting that the records were given to a lawyer who is participating in a pair of lawsuits that involve two brothers, Steven Sinderbrand, a Wells Fargo managing director and his brother Gary, a former company managing director.

Earlier this month Gary Sinderbrand's lawyer received client names, Social Security numbers and account balances from the outside law firm that is representing both his Steven and Wells Fargo in both of the lawsuits. The information was sent in response to a request from Gary Sinderbrand's, but was sent along without the required protective order or confidentiality agreement.

Tony Urbanovich, COO of CyberGRX, noted that this type of data breach proves that a company has to remember its data has to be protected no matter hits location.

““The Wells Fargo breach is an example of the evolution of data protection. It's no longer good enough to ensure end-to-end protection within the walls of your enterprise – that protection has to extend to the networks of any third party with access to your network. In the case of Wells Fargo, that translates to thousands of third parties, any one of whom could cause real financial and reputational damage if compromised,” he told SC Media.

Last year Wells Fargo's retail banking unit was involved in a cybersecurity scandal Wells Fargo Bank was fined a total of $185 million as punishment for a five-year-long scam that saw bank employees using bank customer information to illegally create accounts and email addresses and using this information to apply for credit and debit cards all in order to meet assigned sales goals and earn commissions. This led to 5,300 workers being fired and forcing the resignation of company chairman and CEO John Stumpf.