Rocky Mountain Bank sues Google after emailing sensitive data to wrong Gmail account

rmb.gif
It has been a while since I commented on a data loss incident. I've been concentrating on documenting more about how Oracle IRM works and some of the features. However the past few days have seen an almost farcical play of events between Rocky Mountain Bank and Google.

The bank mistakenly sent an email containing an attachment which contained confidential information on 1,325 individual and business customers that included their names, addresses, tax identification or Social Security numbers and loan information. Ouch! After realizing the mistake, the bank employee tried to recall the email, but obviously this failed... as anyone who's made this mistake knows that once an email is sent beyond your own email system, it is very hard to control what happens to it after delivery.

After the sending of another email asking the accidental recipient to respond returned only silence, the bank contacted Google in an attempt to have the information deleted from the persons inbox. Google quite rightly refused stating this violated their privacy policy.

So the bank has sued Google to identify the account and assist with protecting the information. This isn't going to be a cheap exercise and the loss in customer confidence for the bank is going to hurt in an age where banks are going out of business.

Obviously securing this document would've saved a whole lot of hassle. Oracle IRM would not only have ensured the content is safe if they sent it to the wrong user, but there are many ways to implement IRM such that the information is not just secured as it is sent via email but also the document is secured from source when the document was created.

Comments:

Is it the same bank as: http://www.fdic.gov/bank/individual/enforcement/2009-04-06.pdf Then it is in a world of hurt now... -Ross

Posted by Ross Walker on October 07, 2009 at 04:04 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.

11g quick guide

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today