Bank of New York Mellon Data Loss
Yesterday I got a letter in the mail from BNY mellon stating that my personal information was involved in a loss of data that occurred in February 27th, 2008. This was a surprise to me, since I do no business directly with BNY Mellon. From their website is this statement:
"In late February, one of ten boxes of back-up data storage tapes was discovered missing from a third-party archiving vendor responsible for transporting the tapes to an off-site storage facility from BNY Mellon Shareowner Services' facility in New Jersey. BNY Mellon Shareowner Services serves as a stock transfer agent and stock plan administrator for public companies. The tapes included shareowner and plan participant account information, such as name, mailing address, Social Security number, and transaction activity."
At first I thought this might be a scam of some sort, but digging around on the internet allowed me to pretty much confirm that this is a real bank and a data loss did occur. Trying to find my connection to it is a little more tricky. My investment accounts are:
Zecco, who goes through Penson Worldwide.
TSP, who goes through Barclays Global Investors
Vanguard, I don't think they have any intermediaries
Sharebuilder, who now has ING, but may have had an affiliation at the time. But I can't really find any connections between BNY Mellon and sharebuilder with google searches or their website.
The BNY Mellon website goes on to state: "The forensic investigation initially identified approximately 270,000 individuals and 409 institutions with data on the tapes. The Company worked closely with its institutional clients to notify these individuals, which was completed by early April. The continuing forensic investigation also identified approximately four million additional individuals and 293 additional institutions with data on the tapes."
Four million people affected. Thats > 1% of the United States population. To see the full info go to the website here.
The letter offered 24 months of free credit monitoring by Experian through there Triple Alert program, as well as $25,000 fraud protection insurance. I could write more about that, but I've Been Mugged did a good review of the service looking from the outside in. I agree with him on most of the points he makes. Interestingly, One of his commentators is in the same boat I am and did sign up for the offer. I made a comment as well.
Free credit monitoring would be nice, but at the same time I'm not sure I'm even getting my moneys worth then because of hassles the Triple Alert program may entail. I'm consider one of the more advance credit monitoring services, especially since I'm becoming more involved with credit cards and debt. Identity theft can be a scary thing.
i also received this notice. Maybe this is related to viewpoint bank (formerly community credit union) in some way?
Posted by: joey | June 27, 2008 at 12:15 PM
My experience with IBM's data breach taught me that often, companies may not have an idea of exactly what data is on the lost (or stolen) data backup tapes. They usually have to recreate those tapes. And those data tapes can include information about both current and former customers, since many companies -- like IBM -- archive customer data forever.
In IBM's case, they hired a private investigator to find me since, a) I'd moved several times, and b) I no longer worked for IBM. One could argue this is due diligence.
I suspect that much is the same with Bank NY Mellon.... their lost/stolen data tapes contained information about both current and former customers. And, I suspect that Bank NY Mellon also hired a private investigator to find people, and tha investigator's efforts may have been accurate or not. hence, you received a breach notice even though you are not a Bank NY Mellon customer.
This week, I wrote a post about this mess:
http://ivebeenmugged.typepad.com/my_weblog/2008/09/bank-of-new-york-mellons-data-breach-widens.html
George Jenkins
Editor
http://ivebeenmugged.typepad.com
Posted by: George Jenkins | September 24, 2008 at 05:42 AM