Bank Sues Google to Track Errant E-mail
Seeking the accidental recipient of sensitive data
September 24, 2009
In a nutshell, here’s how it went down:
Bank sent e-mail to the wrong person’s Gmail address. E-mail contained confidential account information for 1,325 of its customers. Bank was forced to send out disclosure letters to all customers whose information had been exposed by this breach.
The latest wrinkle in this case born of human error? According to Computerworld, Rocky Mountain Bank is suing Google for the identity of the Gmail account holder to whom the information was sent. Furthermore, it had a motion to seal its lawsuit denied by Judge Ronald M. Whyte of the U.S. District Court for the Northern District of California.
Just how did a file containing names, addresses, tax identification numbers and other details on 1,325 account holders wind up in the hands of a random Gmail account holder? According to InformationWeek, the bank had received a request from a customer to send certain loan statements to a third-party in August. A bank employee inadvertently sent the confidential account information to the wrong Gmail account.
Upon discovering the error, the employee first “tried to recall the e-mail without success,” Wired reported. The employee then sent an e-mail to the Gmail address asking the recipient to delete the previous e-mail and its attachment. The recipient was also asked to contact the bank to discuss what actions were taken to comply with the bank’s request. Having received no reply, the bank contacted Google to find out more about the Gmail user.
Google has stated that it won’t comply without a court order. Furthermore, “when Google receives legal process, such as court orders and subpoenas, where possible we promptly provide notice to users to allow them to object to those requests for information,” a company spokesperson said in a statement e-mailed to InformationWeek.
As for the bank, it hoped to keep its legal action under wraps in order to “avoid panic among its customers and a ‘surge of inquiry,’” to quote UK tech publication The Register. Clearly, that didn’t go as planned.
Even more scaryness here: http://www.techcrunch.com/2009/07/19/