Wells Fargo accidentally leaked thousands of sensitive documents, but not in the way you think. The bank wasn't hacked, and its computers didn't go on the fritz: it just inadvertently sent 1.4 gigabytes of files to a former financial adviser who subpoenaed the company as part of a lawsuit against one of its current employees. While 1.4GB of files doesn't seem that big, the collection includes at least 50,000 customers' names, Social Security numbers and sensitive financial info. According to The New York Times, which confirmed the contents of the documents, the affected clients are some of Wells Fargo's wealthiest, with investment portfolios worth tens of billions of dollars.
The copious amounts of spreadsheets in the collection were apparently handed over to Gary Sinderbrand, the former financial adviser, with no confidentiality agreement. Angela A. Turiano, the lawyer who sent him the files on a CD, explained that what happened was a mistake caused by working with an outside vendor. That vendor was supposed to vet the documents as part of the court's discovery process and ensure Sinderbrand only received a handful of emails and files related to the case. The plaintiff was also supposed to receive a protective order issued by a judge with the files, but he didn't get one, as well.
Turiano said she asked Sinderbrand and his lawyer to return the CD. The lack of confidentiality agreement means the former adviser can legally release all the information he got, after all. If he does, it's Wells Fargo that will be in even more trouble. According to NYT, the vendor error can be classified as a data breach that "potentially violates a bevy of state and federal consumer data privacy laws that limit the release of personally identifiable customer information to outside parties." Considering the affected clients aren't your Average Joes, they can more than afford to hit the bank where it hurts.
It's unclear if Sinderbrand will comply with Turiano's request. His lawyer said the plaintiff plans to keep the CD secure and confidential for now as they "evaluate his legal rights and responsibilities." Either way, it was Wells Fargo's job to keep those clients' data under lock and key. If it can fail to protect its top customers, then what hope is there for the rest of us?