Bank Sends Sensitive Customer Info To Some Random Gmail User

Here’s the problem with Gmail: so many people use it that a mistyped e-mail address probably will not result in a bounced message. It will result in your message going to the wrong person, since nearly every derivation of a name is probably a working address.

This is not so problematic when it’s the misrouted Girl Scout meeting agendas or kids’ poetry I tend to receive. It’s horrifyingly problematic when a bank employee accidnntally e-mails the personal data of 1,325 customers to a random, unknown Gmail user. Now Rocky Mountain Bank is suing to learn the account holder’s identity in order to make sure that they didn’t send the account information to Russian gangsters, or my 11-year-old cousin.

The attachment contained confidential information on 1,325 individual and business customers that included their names, addresses, tax identification or Social Security numbers and loan information.

After realizing what he’d done, the employee “tried to recall the e-mail without success.”

When that didn’t work, the employee sent a second e-mail to the recipient instructing the person to delete the e-mail and attachment “in its entirety” without opening or reviewing it. The employee also asked the recipient to contact the employee to “discuss his or her actions.”

Silence ensued.

That’s when the bank sued Google to identify the recalcitrant recipient.

The best part is that the customers affected by the breach have not yet been notified. In the meantime, the courts will decide whether he e-mail’s recipient should be revealed.

Bank Sends Sensitive E-mail to Wrong Gmail Address, Sues Google [Wired via Walletpop]