Bank sues Google after sending confidential data to wrong Gmail address


A US bank has taken Google to court in a bid to force the search giant to hand over information relating to a Gmail account that the financial institution wrongly sent sensitive customer data to.

According to a court document published by Wired Magazine, Wyoming-based Rocky Mountain Bank received a request from a customer in August asking for loan documents to be sent to a third party.

A bank employee sent the documents to the wrong Gmail address and also attached a file containing confidential information for 1325 individual and business accounts that were not relevant to the customer. The file includes names, addresses, tax identification numbers and loan information.

After discovering the mistake the following day, the bank unsuccessfully tried to recall the e-mail. It then e-mailed the inadvertent recipient, asking them to delete the original message without reading it. The recipient has not responded.

Rocky Mountain Bank then asked Google for information on the account but the firm said it would not assist unless forced to do so by a court order. The bank has taken legal action and its request is currently being considered.

Meanwhile, the bank filed a motion asking for complaint and motion papers to be sealed to ensure customers do not find out about the error, arguing disclosure would cause unnecessary panic and a surge of inquiries.

The bank says it needs to know whether the account is active or dormant - and therefore whether the information may have been misused - before advising customers.

However, Judge Ronald Whyte of the US District Court for the Northern District of California rejected the argument, saying: "An attempt by a bank to shield information about an unauthorized disclosure of confidential customer information until it can determine whether or not that information has been further disclosed and/or misused does not constitute a compelling reason that overrides the public's common law right of access to court filings."

He continues: "Plaintiff is already able to advise its customers that there has been an unauthorized disclosure of confidential customer information, and inform them of the steps it is taking to rectify the situation."

Comments: (1)

A Finextra member 22 September, 2009, 15:37


Let me make some educated guesses:

1) The loan papers emailed also carried the name, address, social security number, account number, annual income and mother's maiden name of the loan applicant - on top of the 1300 other odd account numbers and names?

2) The loan officer did not mind sending the info on the OPEN INTERNET to a previously undisclosed webmail address like

3) This request came via normal telephone where the caller's identity cannot be verified?

HELLO America! Do you want your confidential information to be sent to you on a postcard? Oh you don't, why not? But an email is still OK?

I gradually start to get the picture of the true magnitude of identity theft problems in the US...

Google:  Good job. I would not disclose the email either. Or delete it. Or do anything about the case whatsoever. Let the bank suffer for its utter stupidity.

And if Robert Siciliano is reading this, please, I would like to see your comments as well   ;-)

