James Hastings is a dumpster diver who has found a mother lode of consumer financial information that employees carelessly tossed in dumpsters outside of several People’s United Bank branches. He says he was trying to expose the bank for not safeguarding customers’ records. The bank says he was trying to extort them into giving him a job.
For four months, James Hastings searched through trash bins outside People’s United Bank branches in Fairfield County. He pulled out bags of paperwork with private information, including customers’ Social Security numbers and account information.
The bank last month won a restraining order against Hastings, 56, requiring him to not discuss the matter or distribute paperwork. He has since been interviewed by the Connecticut Post.
People’s Bank said Hastings is trying to extort money and claims he asked to be hired as a “fraud consultant.” Bank officials also are demanding that the information be returned.
Brent DiGiorgio, a spokesman for People’s Bank, said its primary concern is protecting the customers’ information that Hastings has taken. The bank promises to provide a year of free credit monitoring to customers whose information was taken and has contacted affected customers, he said.
That’s all well and good, but what the hell was all that information doing in a dumpster in the first place?
Taking bank trash, Fairfield man claims security lapse [Newsday] (Thanks, Chris!)







Do you have questions for People’s United Bank about their security process?
People’s United Bank 1-800-894-0300*
People’s United Bank Directory
203-338-7171 Monday-Friday 8:30AM – 5:00PM Eastern
People’s United Bank,
850 Main Street. 11th Floor
Bridgeport, CT 06604
custserv@peoples.com
i always thought that trash was NEVER public property. you own the can right? so how do you not own what’s in it? if that was the case, then if the police found drugs in the can i could argue, it’s not my can, it’s public property and could be anyone’s.
i was under the impression also that if you put your trash in a dumpster, it then belongs to the trash company, and not free for the taking. i know in indiana, i’ve called the police on dumpster divers more than once, and every time they’ve come out and made them leave. i’m assuming if it was legal, the police would just tell me to get over it. that’s in indiana anyway.
I think in terms of getting into shit for dumpstering, you can only get arrested for trespassing, not for, say, stealing.
@snoop-blog: Made them leave, not fine or arrest them? There’s your proof it’s legal. Cops can get people to do stuff even when it’s not illegal.
I find the word usage of the bank quite funny. They use the word “taken” like he somehow compromised bank security by either infiltrating the premises and taking paper records, or by hacking into their computers and “taking” the information.
At this point, I think the bank is likely trying to make up the extortion story as to threaten him and try to get him silenced.
For sure, if I caught wind of such a story about my bank, I would be closing the account immediately.
The biggest joke is this part:
“Brent DiGiorgio, a spokesman for People’s Bank, said its primary concern is protecting the customers’ information that Hastings has taken. The bank promises to provide a year of free credit monitoring to customers whose information was taken and has contacted affected customers, he said.”
If that was such a primary concern, why was it in the trash to begin with? Plus, he mentions he would provide 1 year free credit monitoring to customers who were affected, what if you applied for a loan there and were denied for whatever reason? That wouldn’t make you a customer, so they wouldn’t even provide the monitoring for all those people.
Why can’t such a place as a bank have a shredder? When average consumers have shredders, you would think a bank would have at least one, mostly figuring the information they deal with on a day to day basis.
The fact this was more than one branch goes to show that they don’t give a damn about your personal information and are likely to repeat this behavior.
@snoop-blog: The legality of dumpster-diving/trash-picking is all over the place. For one thing laws vary from one jurisdiction to the next. In some jurisdictions it comes down to the old “Reasonable Expectation of Privacy” and whether or not the trash container can be accessed from public grounds. In other words, you may own the trash can and the land it’s sitting on, but if one can stand in the street and dig through the contents, you may not have a reasonable expectation of privacy.
Of course if you have to trespass to get to the trash can, that’s another factor.
Basically there is no hard-and-fast universal rule.
And of course if there really was personal info in the dumpster, it really doesn’t matter if it was legal to take it or not – someone intent on draining bank accounts and committing identity theft is probably not too worried about whether they have to do a little trespassing along the way. “I obtained this information illegally so I won’t use it to open credit cards in the victims’ names.” I don’t see that happening.
@cde: no around here the cops don’t feel taking a homeless person to jail is worth the time. i agree. just make him leave, tell him not to come back, and i’m happy.
“Bank officials also are demanding that the information be returned.”
Why, so they can pitch it again? I find it extremely dubious that they won a restraining order against him prohibiting him from talking about the incident or distributing paperwork. Since when is it the judicial system’s job to help companies with their PR damage control?
@snoop-blog:
Way to keep the public safe from those dangerous recyclers.
MY employer leaves boxes & boxes of former employee files in unlocked storage rooms. Accessible by any & all employees. SS#s, Addresses, phone #s …. etc. etc.. all for anyone who wants to take them. Sad thing is…. I feel like if I bring up the issue… that I will get punished for it.
@friendlynerd: well i personally don’t prefer to have my privacy invaded, so yeah i don’t care what they’re doing in there, they need to stop.
i bet you wouldn’t be too happy with me going through your trash. and even if you don’t care, doesn’t mean nobody else should either. besides attacking commenters on here is just weak. if you have something beneficial, cool, but otherwise just makes you look like a troll.
This problem is not limited to People’s United Bank…here’s a report from May 2007 regarding JP Morgan Chase bank’s careless handling of customer data:
[consumerist.com]
I’ll say it again: Freeze your credit reports!
“A credit freeze is the best thing you can do – and in fact, the only thing you can — to stop identity theft before it starts. Think of it like The Club you place on car steering wheels. Yes, the car can still be stolen, but many car thieves see a Club and move on to another target. ID thieves who face security-freeze speed bumps when trying to get credit cards or loans in your name are just as likely to move on to the next Social Security number [as in this case, taken from the dumpster].”
@snoop-blog:
I automatically assume that the possibility of anyone going thru my trash is real. And don’t throw away anything I wouldn’t mind someone knowing about. All they are gonna find out from me is what brand of household products I use & what fast food places I frequent. *shrug*
Any sensitive info I completely destroy. I’m kinda paranoid about that kind of stuff.
@friendlynerd: I see them do it on “Law & Order” all the time. And when I say all the time, I mean ALL THE TIME. At least one version of that show is on some channel or another all the time! I love it!
@Trai_Dep: Yah, I was wondering the same thing myself. Is there something magical about the 1 year mark that says “Ok, it’s been a year since some dirtbag got my info, he can’t use it to steal my identity anymore”?
@forgottenpassword: I’m with you. I shred nearly everything with my name and/or address on it, even envelopes with business names/addresses that would show what banks/etc where I might have accounts.
Yeah Regs at financial institutions are pretty tight about this stuff. The bank needs to do an internal audit and get rid of the people disposing of personal information improperly. You can lose your insurance doing stuff like that.
@forgottenpassword: well still i don’t want people going through my trash. i don’t understand what’s so hard to understand about that. maybe i do have stuff to hide, maybe i don’t. maybe i don’t want people finding used condoms, or pregnancy tests, or old bottles of motion lotion, work schedules, etc. i do own a shredder, but that’s still besides the point. my point is, even if i have nothing to hide, doesn’t mean i invite searches. i don’t let the cops in my home or search my car, why because it is my right to privacy. some people are more private than others, me being one of those people. i don’t prefer to give up my rights just because i have nothing to hide.
Man, back when it was just “People’s Bank” it was a pretty good local company. Then they decided to expand and gobble up some smaller banks to be able to go out of state. Now look at where they are. *sigh*
even if it wasn’t my trash, but my neighbors, who would want to look out your window, and see a guy who may or may not be in his right mind going through the trash while your little kids are playing in your yard? to me, it’s not only that act of doing it, but the type of individual that does it. generally not the kind of people i want to have hanging in my neighborhood. not that they are all rapists, murderers or thieves or criminals, but they are obviously desperate, and i’ve seen desperate people do awful stuff. maybe i just live in a nicer neighborhood and that’s why it’s so unusual to see happen. if i lived in a place where it was more of a common occurrence, then i would be more callous to it i guess.
What if it was in the trash because somebody already rifled through it inside the building and didn’t take the time to put it in a ‘destroy’ or ‘shred’ bag. That’s just as scary as a careless or ignorant employee.
I would like to confess as a homeowner I sneak rocks into my trash. I have no place to put them (1/3rd of an acre) and the city’s only solution is to suggest I pay to dump them (by the pound). I could “drive them to the country” but it is so much easier to hide them at the bottom of my leaf bags or throw a few in the trash when I get them. It is Connecticut, it is not too hard to find them.
I really feel a sense of relief confessing this year. Please don’t inform my city. It is grounds for banishment from the city transfer station.
PS. I like People’s United Bank. I hope they publicly address this security breach though.
Expect to see more dumpster diving as the cost of raw materials (aluminum, paper, copper) goes up. It will be more so if we are required in the future to sort our recyclables.
Hello from your friendly Compliance department! I have tried over and over and over and over and over and over and over and over x infinity to get people to discard confidential information in the proper way. Of course since my company babies its loan officers, leaving stuff “lying around” is not a fireable offense (although it damn well should be). This is nothing new, and as long as people get away with it, it won’t change.
@Trai_Dep:
The easy solution would be to get rid of credit reporting agencies and treat everyone the same. Then your SSN becomes useless. If someone doesn’t pay their debt then just garnish their wages.
@RandomHookup: It’s weird to me that there are places where people just throw away recyclables. I don’t know if this is what you mean – or if you live some place like California where all recyclables go into one big container.
But there are still places people don’t recycle at all. So strange.
@Kristinap815: i’ve never met a friendly compliance dept. lol. the one at my office makes my life a living hell, and enjoys doing so. i find it humorous to see it doesn’t change much elsewhere.
@ManPurse: i live in one of those places. nobody, not even 5% of the city population recycles. it kinda blew my mind to find out there were places where almost everyone does. but the area i live in is mainly ignorant rednecks. good luck trying to get them to change.
I think the bank is being a bit disingenuous here. I think it is less “extortion” than “you have a problem and here’s proof”.
Considering the bank threw out the sensitive documents and they were found in a dumpster where anyone has access, he shouldn’t return the documents. After all, the way they discarded the documents they didn’t care who got them afterwards, why should they care if he has them?
An update: check the 4/21/08 item on this legal news page:
[www.breakinglegalnews.com]
A local law firm filed a class action against the bank on behalf of customers whose data was exposed. The story also mentions that the dumpster diver was being sued by the bank and that the trial was under way.
3.5 months later, I don’t know what’s up with either action.