Bank's data loss may hit 400,000 Mass. customers

September 19, 2008

More than 400,000 Massachusetts consumers may have had their personal information compromised in a data breach at the Bank of New York Mellon -- twice the number originally reported to state officials, according to a statement released yesterday by state Attorney General Martha Coakley.

In May 2008, BNY Mellon disclosed that back-up data storage tapes containing the information were lost by a third party vendor. At the time, the company said the breach affected approximately 200,000 Massachusetts customers.

Last month, the bank acknowledged the number could be much larger and that more than 12 million consumers were affected nationally -- nearly three times the 4.5 million reported in May. In August, Connecticut authorities said they were conducting an investigation of the breach and pursuing a possible "substantial" fine from BNY Mellon.

Coakley's office would not comment yesterday on whether it is conducting an investigation, but a spokeswoman said the increase is not surprising.

Investigators suspect customer information, including names, addresses, Social Security numbers, and bank account information could have been leaked. The firm is providing two years of credit monitoring services and $25,000 of identity theft insurance for those clients.

BNY Mellon is sending letters to the second round of consumers, said a spokesman.

JONNELLE MARTE © Copyright 2008 The New York Times Company

Monty Solomon

Here is what I have trouble understanding. When a bank screws the pooch it's fine for the state to go after it, but the individual cannot do so.

Here's my tale of oops. We do nutritional scoring where I work and we farm the work out to a couple of universities in the area. We found out that our scoring works were toast because the main database for scores was on a laptop being repaired by one university's I.T. department.

Then of course there's the demand draft system in banks. It's so open that I'm surprised more people don't exploit it.

This breach was not limited to bank account holders. The Bank of New York Mellon Shareowner Services provides shareholder services for various companies, and runs a web site where shareholders can track their account, enter change of address, set up dividend reinvestment, receive electronic 1099s and stockholder reports, sell shares, etc. Some of that data was possibly lost also (I know because I'm on the list and I was notified in June 2008 by one of the companies I have stock in, passing along a letter from BNY Mellon about the breach).

What the thieves might have gotten: Name, address, SSN, company names and quantity of shares for a few companies I own stock in (and they could calculate the value of my holdings, which wasn't much). It was claimed they DIDN'T get passwords for the web site so changing my password wasn't an issue. I suppose a clever crook could use the password to steal my stock (change address to his own PO box, sell stock, ask for payment by check, forge check), but changing the address would trigger postal mail to the *old* address.

I moved all of the stock out of that account. The data breach wasn't the only reason, but it was significant. I was not real impressed by the (in)security of moving stock from one account to another, either.

They gave me Triple Alert credit monitoring for either 1 or 2 years depending on which version you believe. The first failure, IMHO: Triple Alert didn't alert me that a fraud alert had been placed on my credit file (yes, by me, but apparently that's not "negative information"). NOT getting such an alert made me think that placing the alert hadn't worked.

So far there has been no evidence of misuse of my information, unless you count criminal negligence on the part of those who were supposed to have it.

Gordon Burditt