The Bank of New York Mellon (formerly Bank of New York) Shareowner Services lost some computer tapes through courier neglect in February. BNY Mellon began, gradually, to inform affected parties — including people who had never done business directly with BNY, but whose data had been handled by them — that their personal information was on the tapes, including names, addresses, and Social Security numbers.
Alerts went out in Maryland, Florida and Connecticut. Over time the number of affected parties, originally reported at 4 million, was revealed to be about 12 million.
If you live in New York and have ever done business with BNY, consciously or not, you may expect a notice soon. We got one today.
Click the thumbnail to see it:
BNY offers alerted parties a free look at their own credit reports to make sure that they haven’t been ID-defrauded, and “$25,000 in identity theft insurance (where permitted by local law).”
BNY says that they “have no reason to believe that your information has been or will be improperly accessed or misused as a result of this incident,” but we wonder how they can be so sure, especially since the information is thought not to have been encrypted.
“There is absolutely no acceptable excuse as to why this information was not encrypted on these tapes,” says Information Week’s security blog. “None.”
Meantime we have learned that BNY Mellon is serving as a corporate trustee for the debt issues of failed Lehman Brothers. We wonder if their data handling practices have improved since then.