Consumerist
James Hastings is a dumpster diver who has found a mother lode of consumer financial information that employees carelessly tossed in dumpsters outside of several People's United Bank branches. He says he was trying to expose the bank for not safeguarding customer's records. The bank says he was trying to extort them into giving him a job.
That's all well and good, but what the hell was all that information doing in a dumpster in the first place?
For four months, James Hastings searched through trash bins outside People's United Bank branches in Fairfield County. He pulled out bags of paperwork with private information, including customers' Social Security numbers and account information.The bank last month won a restraining order against Hastings, 56, requiring him to not discuss the matter or distribute paperwork. He has since been interviewed by the Connecticut Post.
People's Bank said Hastings is trying to extort money and claims he asked to be hired as a "fraud consultant." Bank officials also are demanding that the information be returned.
Brent DiGiorgio, a spokesman for People's Bank, said its primary concern is protecting the customers' information that Hastings has taken. The bank promises to provide a year of free credit monitoring to customers whose information was taken and has contacted affected customers, he said.
Taking bank trash, Fairfield man claims security lapse [Newsday] (Thanks, Chris!)
Comments
o_o
almost makes me afraid to use a bank
That's hilarious...take a page out of Fight Club...Blackmail your way into a sweet job of doing nothing.
Thst's so strange. Something just like that happened here in Vancouver as well.
I don't think Hastings's motive is at all relevant. What's relevant is - was this information REALLY just in the trash?
I only hope they take this seriously.
Once something hits the trash isn't it public property for the taking?
Yeah, he may have been trying to Blackmail the bank. But you still have to answer to why so many records were in the trash.
If my legal sources are right, once it's trash, it's considered public for anyone to grab.
Link is dead. Try this one
I'm sure it was in the trash, and without Hastings stepping in, nobody would have 'probably' never seen it outside of it's decomposed state.
Hastings is a crook and should be jailed. The bank should update its procedures to this new world and not let this happen in the future.
Anybody foolish enough to get up in arms about this situation though should seriously question whether their personal information is safe at all. Just because companies have procedures in place, you can bet a small amount of the time, your information is not processed to those standards. Humans are involved after all...
New link
Above link is broken.
@sohmc: I'm not 100% on the legal stuff, either, but the fact that it's "for anyone to grab." Legal or not, the fact remains that Hastings was able to access it, and therefore, just about anyone else could to. Oy vey.
it sounds like he wasnt being unreasonable, they really do need a fraud consultant.
I almost feel like I should just give up now and post my own SSN and other info online just to get it over with. The anticipation as I wait for my bank, school, government, etc to lose it is killing me.
He should have auctioned the papers off. Inform the bank of the auction, and state in the advertisement for the auction where the papers came from. For extra fun, have a friend artificially inflate the price of the auction to something in the seven figure range. The bank would pay a hefty price to get those papers back.
I lived adjacent to a Wachovia for about a year. Their dumpster had a locking lid. I only found it unlocked twice. The dumpster was at the far side of the parking lot and was NOT covered by a camera.
I just don't understand it, I work at a bank, and we are audited constantly. Things like what we do with confidential trash is looked over with a fine tooth comb. It is ground into our heads, that anything remotely confidential goes into a locked bin to be shredded onsite. I would assume ALL banks go through similar scrutiny. Only thing I can think of is that it was someone new or someone that doesn't care, because this is surely not company policy.
i have relatives that use that bank. i've just forwarded this to them.
The bank better shut its trap and start doing stringent internal audits, STAT! This kind of security breach is inexcusable and they are trying to scapegoat the diver for it. If the state or the Fed gets involved, they might as well hang it up and start working on their resumes.
People's United is the generic supermarket bank here in CT, I used them in college and promptly switched to a national "real" bank when I got a job. Mostly high school looking and college age kids working behind counter at these places. You get what you pay for in life.
"Hastings is a crook and should be jailed. The bank should update its procedures to this new world and not let this happen in the future.
Anybody foolish enough to get up in arms about this situation though should seriously question whether their personal information is safe at all. Just because companies have procedures in place, you can bet a small amount of the time, your information is not processed to those standards. Humans are involved after all... "
Imagine what could have happened if Hastings *was* a crook. The fact that he's been telling them for months this was an issue and that they haven't listened, speaks volumes.
If he knew what was going on exactly how long do you think it would have been until someone with less than honorable intentions would have figured it out.
The contents of this dumpster are protected by attorney/dumpster privilege.
/Lionel Hutz.
@friendlynerd:
No.
Since when does 1 year of credit checking compensate for the untold years of monitoring, faxing, arguing, and undoing the damage of these leaks? When did this become an acceptable form of compensation?
@Phildawg: "Anybody foolish enough to get up in arms about this situation though should seriously question whether their personal information is safe at all."
Ah yes, the good old "we can never fix everything so stop caring about anything" argument.
Explain to us how it's foolish to point out and attempt to fix flaws as we find them? This is not some small-time store that was tossing out one or two credit receipts, this is a BANK. You know, where many people keep ALL of their money. If even one crook got their hands on that information they could have emptied multiple people's entire accounts. So it's foolish for us to be upset? The bank was no doubt in violation of records security procedures and laws. But it's foolish apparently to point that out. Just some good old fashioned law breaking by the bank that puts an untold number of people's entire savings at risk. But it'll never be perfect so we're fools to try and fix it.
@CRNewsom: He should have auctioned the papers off. Inform the bank of the auction, and state in the advertisement for the auction where the papers came from. For extra fun, have a friend artificially inflate the price of the auction to something in the seven figure range. The bank would pay a hefty price to get those papers back.
That would certainly get their attention! This bank seriously has issues with priorities. Their problems sound like they could have been solved by simply checking that all the staff was shredding the garbage.
"Bank officials also are demanding that the information be returned." Screw them, they let it go in the first place.
Thought dumpster diving was legal in most states...and trash is technically not your property...
I agree with CRNewsom: he should have auctioned off the paper (printing paper...right), though having a friend bid it up would be illegal.
@Phildawg: You don't know for sure who would access the trash and cannot say for sure that no one would have seen it. Another person with no/low morals could have got the information and caused some trouble. Put blame where the blame is due...on the bank. Don't blame Hastings.
People's bank in Fairfield county?! this is a little close to home...good thing I switched to Wachovia a while back
This is really funny. Many years ago, I worked for an independent bank in Texas. We had to keep all envelopes (now empty) dropped in the night deposit or ATM machines (for proof if there was a dispute). We kept them in a large box. One night, I left that box next to a trash can and the cleaning crew threw them all in the dumpster. Envelopes had names, account numbers, phone numbers on them. My bank management made me climb into that damn dumpster (it was filty) and retrieve every single envelope out of concerns for their customer safety. In hindsight, it was nice working for some of the better guys.
I would love to see a federal law that states that any organization that has an information breach (whether it be dumpster-dived or a hacked server) be financially responsible for damages suffered - both compensatory and punitively- by the individuals who have been negatively impacted by the organization's carelessness.
But it'll never happen.
@Phildawg: hastings was doing it for four months!! It's not an isolated incident... but an ongoing breach of the customers basic information. He might be a dirtbag but he's defined a lapse. People's bank should get the information back and then their customers should find a batter secured bank.
"Brent DiGiorgio, a spokesman for People's Bank, said its primary concern is protecting the customers' information that Hastings has taken."
He probably should have thought of that BEFORE dumping the customer's private information in the trash.
@Jaysyn: Actually that can depnd on local laws, but general rule is once it is in the trash, and placed on public property (or easement) then it is public property.
The best way for the bank to ensure this doesn't happen again is to have the loan officers stand out in the dumpster one hour each week the rest of the month and look for things that aren't suppose to be in the dumpster. You'd be surprised how the rate of incident plummets.
@Jaysyn:
According to the following it is legal: [www.lumiere.net]
"A better legal principle upon which to ground your claim that dumpster diving is legal is the principle that one no longer has any claim to property after he abandons it. These stores abandon the property by putting it in the dumpster, so anyone else wanting to take it can take it free and clear of their claim."
Batter? WTF, does that mean?
It's completely unacceptable. I worked for the technical support department of an antivirus vendor, and even we had a special locked bin for disposing of confidential information apart from our regular trash and recycle bins. We didn't even deal with things like SSN's or financial info. It was just for things like support account numbers, internal email addresses for corporate customers, etc. If we could do it, I fail to see how a bank could not.
Read the article -- sounds like a complete nut case going through trash for four months until they got a restraining order. If he had anything at all -- which there is yet to be any evidence that he does -- why did he need to make regular dives into their dumpster? Convicted drug addict and fraudster impressonating doctors, sure I believe anything he says!!
@jimv2000: Yeah, you're right. I might as well get it over with, too. My name is Todd Davis, and my SSN is 457-55-5462.
I don't get the restraining order. Okay, maybe keeping him from distributing the papers, but I don't see how they can legally prevent him from discussing the matter. The idiots running the bank need to watch the movie "Hackers", since one of the classic "hacks" portrayed in the movie is dumpster diving. Though most divers aren't armed with flare guns... Or look like Angelina...
@heavylee-again: It will never happen....because our government let's sensitive information get stolen all the time.
How many laptops were stolen from the federal government last year alone? And you think that all government offices that have our information shred everything? Nope.
@friendlynerd: There was an interesting case some time ago when the police did the same trying to catch a criminal. They had no search warrant, and the prosecutors argued in court that stuff thrown in the trash is discarded and no longer the possession of whoever used/consumed it. Essentially the prosecutor (and police) argued that anything in the trash is public information.
In that case, a local newspaper then went on and dumpster dove into the police chief's trash and then went to ask him about it in his office the following day. They were almost arrested.
Funny how the situation changes when you do it "the man".
I think it's pretty ingenious for the bank to claim it's their stuff. They threw it away. However, if the dumpster diver used it to blackmail the bank, he's guilty of extortion.
@ConsumerAdvocacy1010: hmm, don't need the apostrophe in let's.....Consumerist needs an edit post option.
@fostina1: At the very least, this bank needs a shredder.
@CaptRavis: +1
@Juggernaut: mmmmm... Batter secured bank...
Once trash has been put out for collection, it's fair game. That's why the police don't need a warrant to search your trash [provided, again, that it's been put out for collection and not in your garage or backyard or whatever], because it's been held out to the public and anyone is allowed to go through it.
@Hossofcourse: And for those who didn't bother to go to the updated link:
To me, this doesn't exactly sound fit the profile of a public spirited dumpster-diving whistleblower.
I'm sure the bank appreciates everyone focusing on HOW this guy got the information. Who cares? Whatever his motives were, he has exposed bad practices that could impact the bank's customers.
Let's focus on the negligent bank that tossed sensitive information into an unlocked dumpster, not the guy that blew the whistle.
@friendlynerd: Yes.