Thursday, May 24, 2012

Yet Another Good Reason to use PGP – Bank Sends Email to Wrong Gmail User

September 23, 2009


How many times have you sent an email to the wrong address?

If you mistyped it and it bounces back from MAILER-DAEMON, no big deal. (Inside joke – In my early days of Tech Support, I had a client asking me who the hell was “MAILER DAEMON”?)

If you worked in a corporate environment that used Microsoft Exchange, you could simply retract it, or ask your SysAdmin to retract it for you.

But what if you sent it to a Gmail, Yahoo! or Hotmail user and that mistyped email address actually existed?

And what if that email contained confidential information?

You could ask support at Gmail, Yahoo! or Hotmail to retract it for you.

Good Luck.

Unless you have a subpoena or court order, again, good luck. And by the time they do get it, the user would have opened the email anyway.

This is no joke, just like a CEO printing out a copy of the employee payroll and leaving it on the public print server.  Or worse, the lay-off sheet that ranked all the employees by “importance”.

Here’s a good story from The Register:

In mid-August, according to court documents filed in a California federal court, the Wyoming-based Rocky Mountain Bank was asked by a customer to send certain loan documents to a Gmail account belonging to a third party. A bank employee attempted to do so. But a day later, he realized he had sent the documents to the wrong address – along with a file containing confidential information for 1,325 other customers.

After a failed attempt to recall the email, the employee sent a second note to that wrong address, requesting that the confidential email be deleted before it was opened. There was no response, so the bank contacted Google to determine what could be done to ensure that the confidential info remained confidential. According to the court papers, Google would not provide information on the account unless it received a subpoena or "other appropriate legal process."

So the bank sued.

In a perfect world, all users would have PGP (or a similar encryption technology) installed. An email or zipped attachment encrypted to the intended recipient's public key can only be decrypted with the matching private key, so a copy that lands in the wrong inbox stays unreadable.
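One way a mail gateway could enforce that on outbound mail, shown as an added example rather than code from the original post: hold any message addressed outside the organisation whose attachments do not look like OpenPGP-encrypted data. The domain `bank.example`, the addresses and the function names are assumptions, and the content check is a heuristic on the first bytes of each attachment only.

```python
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAINS = {"bank.example"}   # assumption: the sending organisation's own domain
ARMOR = b"-----BEGIN PGP MESSAGE-----"

def looks_like_openpgp(data: bytes) -> bool:
    """Heuristic: does the payload start like an OpenPGP encrypted message?"""
    if data.lstrip().startswith(ARMOR):          # ASCII-armored form
        return True
    if not data or not data[0] & 0x80:           # binary packet headers always set bit 7
        return False
    first = data[0]
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    return tag in (1, 3)   # session-key packets that open an encrypted message

def external_recipients(msg: EmailMessage) -> list:
    """Addresses in To/Cc/Bcc whose domain is not one of ours."""
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields += msg.get_all(name, [])
    addrs = [addr for _, addr in getaddresses(fields)]
    return [a for a in addrs if a.rpartition("@")[2].lower() not in INTERNAL_DOMAINS]

def outbound_verdict(msg: EmailMessage) -> str:
    """Return 'send' or 'hold: <reason>' for one outgoing message."""
    outside = external_recipients(msg)
    if not outside:
        return "send"
    # PGP/MIME (RFC 3156): the whole body is one encrypted container.
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return "send"
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not looks_like_openpgp(data):
            return f"hold: unencrypted attachment {part.get_filename()!r} to {outside}"
    return "send"

def build(to: str, payload: bytes, filename: str) -> EmailMessage:
    """Constructed sample message for the demonstration."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "loans@bank.example", to, "Loan documents"
    msg.set_content("Documents attached.")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return msg

if __name__ == "__main__":
    print(outbound_verdict(build("someone@gmail.com", b"name,tax_id\n", "customers.csv")))
    print(outbound_verdict(build("someone@gmail.com", ARMOR + b"\n", "customers.csv.asc")))
```

The check cannot tell whose key the attachment was encrypted to; it only ensures that a mistyped address receives ciphertext instead of a readable file.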

The last thing you want is information falling into the hands of people trying to make a fast buck.

We have enough horror stories out there.

UPDATE Sept 29, 2009: Google has resolved a lawsuit. See http://www.theregister.co.uk/2009/09/28/google_rocky_mountain_bank_suit_rollls_on/





About Jimson Lee
Jimson is a freelance industry analyst, with over 25 years experience in the IT industry. Prior to joining CRMHelpDeskSoftware, he spent 4 years as a Senior Consultant at Sierra Systems Group, part of Golden Gate Capital, a leading private equity firm with $9 billion in capital under management. Jimson currently resides in Rome, Italy.
