Bank of New York Mellon security breach repeats in PA
Following a February 27 security breach in Connecticut by the Bank of New York Mellon in which it lost up to 4.5 million customers’ unencrypted financial data from banks including Wachovia, Chief Risk Officer Todd Gibbons said in a statement, “Protecting the confidentiality of our clients’ information has long been a top priority at The Bank of New York Mellon.”
But on April 29, a second breach occurred when BNY Mellon lost data containing scanned checks and payment documents in Pennsylvania, affecting 47 businesses and an undetermined amount of individual clients, as reported in the Pittsburgh Tribune-Review on May 31.
The Bank appears satisfied with its risk management team’s response: Gibbons was promoted to Chief Financial Officer of BNY Mellon on May 27 – the same week that Connecticut Attorney General Richard Blumenthal criticized the Bank for being “unable or unwilling to provide a full accounting of every individual potentially compromised.”
In a statement, the Bank claims that after the breach on February 27 that exposed customers’ Social Security numbers, names and addresses, transaction activity, and account numbers, it “immediately began the process, in coordination with its institutional clients, of notifying these individuals and offering them comprehensive fraud protection services.” But according to Connecticut Attorney General Blumenthal, the State wasn’t contacted until mid-May – not by BNY Mellon, but by Peoples’ Bank, whose customers’ information was being acquired by the Bank for marketing purposes.
Some customers have reported problems obtaining information from the Bank as to whether they were affected. Bruce Sylvester told the Hartford Courant, “My wife and I have the same account. We called up Mellon the same day and got two different answers as to whether our information was on the tape.”
The Bank initially offered customers one year of credit monitoring and $10,000 insurance – moving to the current offering of two years’ free monitoring and $25,000 insurance only after Attorney General Blumenthal criticized the initial offer as “grossly inadequate.” And even with that protection, consumer information is not posted on the front page of the BNY Mellon website or found via its search engine.
UNITE HERE believes the Bank’s customers deserve a secure system that does not allow confidential information to be lost and, above all, a transparent way to get assistance. As such, it has created the independent website to offer consumers a simple way to find the information they need to protect themselves and to monitor the BNY Mellon’s response.