By Harry McCracken | Friday, September 25, 2009 at 10:58 am
MediaPost is reporting that Rocky Mountain Bank, a small institution in Wyoming, accidentally e-mailed customers’ names, Social Security numbers, addresses, and loan information to a Gmail address. When it realized its mistake, it e-mailed the address again and got no response–so it went to court, and a California appellate court judge has told Google that it must deactivate the Gmail address in question. Even though nobody’s accused the e-mail recipient of doing anything wrong.
MediaPost’s story leaves multiple obvious questions unaddressed, so I’m cautious about expressing any opinion at all about this story. The biggest one: Does anyone know who the Gmail account belongs to, and has anyone made any attempt to contact its owner other than Rocky Mountain’s initial e-mail? Do we know that the recipient is using the account at all? Do we know who this person is?
The temptation to heap scorn upon District Court Judge James Ware is obvious, but I’m most appalled by the reported initial actions of Rocky Mountain Bank. Why was anyone there e-mailing Social Security numbers to anyone? The company has a security statement on its site explaining the measures it takes to protect customers’ Social Security numbers, but I find no acknowledgement of this Gmail incident. (“Dear customer: We accidentally leaked your private information to a random stranger, and we’re not sure what he or she is doing with it. Our apologies, etc., etc.”)
While I was rummaging around the Rocky Mountain site hoping to find useful information, I clicked on the Letter From CEO link, and got this:
Doesn’t exactly inspire vast amounts of confidence, does it?
[…] think the post from Technologizer stabs at the root issue, though: The temptation to heap scorn upon District Court Judge James Ware […]
[…] all: News Rocky Mountain Bank–the institution that reportedly sent a Gmail user a list of its customers’ names, Social Security Numbers, and loan… then went to court to force Google to disable the account–has taken a step in the right […]
[…] for example, Rocky Mountain Bank of Wyoming USA. An employee of the bank emailed sensitive details about 1375 customers to the wrong Gmail user, and now the bank is suing Google to discover who this […]
September 25th, 2009 at 12:05 pm
Aside from the “who did the information go to?” The simplest way to explain the security of email to non-technical people: email is like a postcard. Anyone along the way can read it. The internet does not provide any security for data it carries and the data can be captured by anyone along the way. The only answer is encryption. If the recipient does not have the key to the encryption then they can’t read it – and it becomes moot that it was sent to them.
September 26th, 2009 at 5:48 pm
In another article on this issue, bank CEO Coleman Andrews is quoted as saying “Our software is on the cutting edge of security already and is above the industry standard.” Huh? This is just incredibly dumb. People like myself who work in IT security already know that security is NOT about what software or hardware you install. Security is a fundamental aspect of the entire operation. You don’t become secure by installing security software. This case can prove it to the masses. But real security people have known this for many, many years. The Rocky Mountain Bank needs to do more than just an overhaul of their security software (it should have blocked this … by scanning every outgoing email for confidential info). It needs to overhaul staff training, as well as auditing.
The referenced article is here: http://www.jhnewsandguide.com/article.php?art_id=5099
December 10th, 2010 at 2:47 pm
Sounds like Rocky Mountain Bank. From my experience with them, I assumed they had hired some grade school kids to oversee bank security. I have never seen such a huge pile of incompetent people all in one place. Now they’re e-mailing customers’ information around. Maybe if the CEO’s information was mailed around to everybody he would get something done about his lack of bank security. FORMER Rocky Mountain Bank customer.