Bank emails confidential info to wrong address, sues Google
To top it all off, the bank still hasn't notified its customers about the data loss.
The Rocky Mountain Bank in Wyoming is suing Google to find out who owns a Gmail account to which a teller mistakenly sent a document containing "names, addresses, tax identification or Social Security numbers and loan information." After finding the error, Rocky Mountain Bank sent an email telling the owner of the Gmail account to delete the sensitive information, then followed up asking the account holder to contact the bank to discuss the issue.
When Rocky Mountain Bank failed to get a reply, it asked Google whether the account was active but was told it could only get that information with a court order. Rocky Mountain Bank followed up with a suit against Google seeking the account information and asking for the proceedings to be sealed.
When reached for comment, a Google spokesperson was quoted as saying that "the court has required it [RMB] to resubmit its papers. Once we have a chance to review these papers, we will determine our response."
The bank's decision not to notify the 1,325 affected individuals and businesses about the data breach is extremely troubling, since Rocky Mountain Bank has absolutely no clue who has its customers' information. Yes, it is possible that the information is safe, since a smart user would quickly delete an unexpected email with an attachment and ignore the follow-up emails asking for more information as phishing attempts, but that doesn't justify the secrecy.
In any case, the bank should have had some kind of security policy in place to prevent the sending of such a confidential file. On top of that, why did a teller's computer have a file with 1,300 accounts and information in it? Don't they know that's what password-protected, encrypted databases are for?
Once you get past the lapses in bank security and the bank's inability to accept its own mistake, the fact remains that you need to triple-check email addresses when you send something important, especially if it contains personal information.
Having a common Gmail address myself, I've received my fair share of personal information, including the location of many spare keys (look under the rock), vacation itineraries, hotel and car rental confirmations, baby pictures, pictures which I want to unsee but cannot, college transcripts and any number of other pieces of semiprivate information, all from mistyping an email address.