[BreachExchange] Wells Fargo Huge Data Breach - Lessons for Firms and Their Lawyers

[Audrey McNeil]

http://seclaw.blogspot.com/2017/07/wells-fargo-huge-data-breach-lessons.html

Multiple news sources are now reporting that Wells Fargo is being
investigated for the release of personal information of approximately
50,000 clients to a former employee.

The New York Times reported on Friday that the bank's attorneys had release
1.4 gigabytes of customer data to the former employee in response to a
subpoena served on the bank in connection with a suit between the employee
and another employee.

According to the NYT, the employee estimates that he now has information
regarding 50,000 clients, including customer names, their social security
numbers and financial information, like the size of their investments and
the fees that they have been charged.

The NYT is also reporting that the information was delivered by the bank's
attorneys, without a protective order or a confidentiality order. In
theory, without those protections, the employee can release that
information publicly, although his attorney says he will hold the
information secure and confidential while they evaluate his legal rights
and obligations.

Wells Fargo maintains that the release was accidental and is seeking the
return of the information. Wells Fargo blamed its outside counsel, who in
turn blamed their outside discovery vendor.

The lesson for Wells Fargo is obvious - as is the lesson for lawyer and law
firms. We are handling confidential information regarding customers and
third parties. You need, at a minimum, to have a protective order in place,
and the documents need to be identified as being confidential.

Anything less has the potential to create legal and regulatory issues for
your client.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170725/82ccf436/attachment.html>