31 March 2015


Retired Member

795Posts 2,539,370Views 1,010Comments

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...


23 November 2010  |  4756 views  |  0

Ever clicked send on an email, and instantly regretted it? I think we’ve all been there – but perhaps not to the scale of one UBS employee this week, where a small error has created some rather significant repercussions.

Yes, this is the story of a UBS employee who inadvertently sent an email containing financial details of the then client General Motors’ to more than 100 people. Whoops!

GM have now pulled the plug on the deal – widely regarded as one of the largest currently in the market in an action that could end up costing the Swiss bank $10 million!

Now that’s what I call an own goal – and what a blow this is for the investment and wealth management bank’s reputation.

GM exposed the leak. So it’s safe to assume that once again the source of the data loss – UBS in this case – had no knowledge of the loss until a 3rd party mentioned it. This happens worryingly often. Not only are we losing data, but we aren’t aware when and where it’s gone!

Nick Lowe, head of Check Point’s Western Europe sales division commented: ‘We’ve all made this type of mistake at some point, either by choosing the wrong auto-fill email address, or selecting the wrong email distribution group.’

If we’ve all experienced this in the past, why aren’t we learning from our mistakes – especially with such important information? Yes it’s an accident, but GM has taken no sympathy in dropping UBS as chief underwriter – avoidable mistakes just do not wash with clients, particularly those spending these sorts of figures, and rightly so!

My sympathies go out to what many of you may believe to be the villain in this sorry episode – the ‘sender’. Such an easy to make error, may just have cost him his career. Why – because of UBS lazy and frankly inexcusable approach to client data security.

Where are company policies, protecting information of this nature, and their staff for that matter? A simple mistake caused by a lack of proper safeguards has resulted in one employees being the unfortunate, yet convenient fall guy for UBS.

Until all of us, not just UBS start properly protecting the data of ourselves, as well as clients – accidents and mistakes will happen. That's just a fact of life. Email compliance is not difficult to implement, yet 65% of all data leaks still occur by email, the majority of which are easily preventable.

$10 million loss of business, reputation dragged through the mud, I'm sure UBS will start taking email compliance seriously – does it really have to come to this before we will all sit up and take notice?

I will be interested to see if the Information Commissioner or the FSA have anything to say about this in the coming months.

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Retired

Will we still have universal banks in the future?

19 January 2015  |  1977 views  |  0  |  Recommends 0 TagsRisk & regulationStart ups

Streamline operations for compliance

03 December 2014  |  1887 views  |  0  |  Recommends 0 TagsRisk & regulationPost-trade & ops

Anyone know where good conduct went or how to get it back?

20 August 2014  |  3202 views  |  0  |  Recommends 1 TagsSecurityRisk & regulation

Do you KYC well!

23 July 2014  |  1310 views  |  0  |  Recommends 0 TagsSecurityPayments

My thoughts on Digital and Branchless banking

21 July 2014  |  2063 views  |  0  |  Recommends 0 TagsMobile & onlinePayments

Retired's profile

job title
member since 2014
Summary profile See full profile »

Retired's expertise

What Retired reads
Retired writes about

Who's commenting on Retired's posts

Ketharaman Swaminathan
Melvin Haskins
Tony Wenzel
Paul Love