Sunday, June 22, 2008

BNY Mellon - The Spark

Yesterday, June 21st, 2008, I received this letter from BNY Mellon. It is the latest reason and spark for starting this blog.



In short, BNY (formerly Bank of New York) acts as a supplier of services to JPMorganChase (my former employer). BNY lost a storage tape in transit with my employee information, including my Social Security Number (SSN). Sound familiar? Were they working with IBM?

BNY is notifying me of the loss, apologizing and offering me some identity protection services. Sound reasonable?

It's not. Here's the stupidity behind BNY's lawyer-crafted letter.
  1. BNY found out about their loss of my identity information on Feb 27, 2008. Their letter notifying me arrived on June 21, 2008. That's a full 115 days or almost four months. No amount of internal hand-wringing at BNY Mellon or Marketing/Legal spin can explain why a company would wait 4 months to notify someone of this loss. This demonstrated lack of concern for their customers ensures that I will never knowingly do business with BNY Mellon.

  2. BNY's meaningless statement of "while we have no reason to believe your information has been or will be accessed or misused" raises a lot of questions. How do they know the intent of whoever now has the tape? Does BNY know who has it? How can they predict the future on what will happen to my identity information that they lost? How does BNY know that, if a credit card was taken out under my name in the past 115 days, it was truly me? They don't. The statement is meaningless and meant to make me feel better when it only raises concerns on what BNY knows and doesn't know.

  3. BNY is giving me 90 days to activate the identity protection service they recommend. That's nice - you take 115 days to notify me but I only have 90 days to activate. Shouldn't my time to decide on whether to use your service be as long as your time to decide to notify me?

  4. BNY didn't encrypt their data. Simple stupidity that should result in the firing of their CIO. Sensitive data that is moving outside of a company's data center (in this case on a backup tape) should be encrypted so it would be of no value if it fell into the wrong person's hands. This is not rocket science but may be at BNY Mellon.

  5. BNY Mellon is downplaying the loss. Their statement of "could not account for one of several boxes of backup tapes", while accurate, is not forthcoming. Did they think I wouldn't Google: BNY Mellon data loss and find out that this story was covered in the press and that BNY Mellon had lost 6 - 10 tapes in that box covering 4.5 million customers with their SSNs? Click here for the Google search.

  6. BNY says in a note at the bottom that theft insurance doesn't apply in NY state. They blame it on a regulation and have no other option for New York state customers. That's the former Bank of New York telling customers of the former Chase Manhattan Bank that their protection doesn't apply in New York. Good thing I live in CT.

It turns out that this loss was widely reported in the press for BNY Mellon customers of other banks (not JPMorganChase). You can read an article on this Company Acting Badly at Reuters.

Is this stupidity by BNY Mellon a one-time event? Read another article at Pittsburgh Tribune-Review and see.

It also appears that BNY Mellon has been extending its identity monitoring service from 12 months to 24 months. If BNY really has no concern about what will happen to my identity info then why would they be adding more monitoring time? Click here to see where they extended the time for 1400 brokers at SAIC whose data was on one of those tapes.

SAIC put significant effort behind crafting a FAQ for its brokers that makes the comparison to BNY Mellon telling for a Company Acting Badly. See SAIC's FAQ here. They go so far as to recommend that individuals consider changing bank accounts used with BNY Mellon.
