Blog article
See all stories »


Ever clicked send on an email, and instantly regretted it? I think we’ve all been there – but perhaps not to the scale of one UBS employee this week, where a small error has created some rather significant repercussions.

Yes, this is the story of a UBS employee who inadvertently sent an email containing financial details of the then client General Motors’ to more than 100 people. Whoops!

GM have now pulled the plug on the deal – widely regarded as one of the largest currently in the market in an action that could end up costing the Swiss bank $10 million!

Now that’s what I call an own goal – and what a blow this is for the investment and wealth management bank’s reputation.

GM exposed the leak. So it’s safe to assume that once again the source of the data loss – UBS in this case – had no knowledge of the loss until a 3rd party mentioned it. This happens worryingly often. Not only are we losing data, but we aren’t aware when and where it’s gone!

Nick Lowe, head of Check Point’s Western Europe sales division commented: ‘We’ve all made this type of mistake at some point, either by choosing the wrong auto-fill email address, or selecting the wrong email distribution group.’

If we’ve all experienced this in the past, why aren’t we learning from our mistakes – especially with such important information? Yes it’s an accident, but GM has taken no sympathy in dropping UBS as chief underwriter – avoidable mistakes just do not wash with clients, particularly those spending these sorts of figures, and rightly so!

My sympathies go out to what many of you may believe to be the villain in this sorry episode – the ‘sender’. Such an easy to make error, may just have cost him his career. Why – because of UBS lazy and frankly inexcusable approach to client data security.

Where are company policies, protecting information of this nature, and their staff for that matter? A simple mistake caused by a lack of proper safeguards has resulted in one employees being the unfortunate, yet convenient fall guy for UBS.

Until all of us, not just UBS start properly protecting the data of ourselves, as well as clients – accidents and mistakes will happen. That's just a fact of life. Email compliance is not difficult to implement, yet 65% of all data leaks still occur by email, the majority of which are easily preventable.

$10 million loss of business, reputation dragged through the mud, I'm sure UBS will start taking email compliance seriously – does it really have to come to this before we will all sit up and take notice?

I will be interested to see if the Information Commissioner or the FSA have anything to say about this in the coming months.


Comments: (0)

Blog group founder

Retired Member

Member since

19 Mar 2009


Blog posts




This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

See all