back to article Bank snafu Gmail missive never opened

The confidential email at the heart of a roundabout US lawsuit against Google was never opened, according to the bank that accidentally sent the missive to the wrong Gmail account. This summer, according to court documents, an unnamed employee with the Wyoming-based Rocky Mountain Bank was asked by a customer to send some loan …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    FAIL

    Oh noes

    But Google will give out my identity! Everyone will know that my real name is "asasdsasdas jkjkjljkjk", and my home country is Azerbaijan. At least, that's what I wrote when I signed up.

    Seriously, why be worried? Who uses a Gmail account for anything seriously important, and who the heck puts all their personal data into it? Yes yes tracing IPs and whatnot. But seriously.

  2. Alastair 1

    Rule of Law

    "The case underlines what should be obvious to Google watchers: Though the company vows to protect your personal data, it can be compelled by court order..."

    Look, you've ended every article on this subject with some similar piece of vague but dire warning and to me it seems a little like FUD.

    Just tell us - do you think that it is wrong for Google to obey the rule of law? Because the law is that Google - and anyone else - can be compelled by court order. Banks, supermarkets, ISPs, doctors - shock horror, they'll give it up when the correct and due legal process is applied. It's an outrage! No of course it isn't.

    Ok, now tell us - have Google ever claimed that this was not the case? Did anyone seriously at any time assume that Google had god-like, government-ignoring powers that distinguished it from every other corporate entity on earth? No, of course not.

    Put up or shut up. Leave vague innuendo and threat to the likes of Microsoft Linux studies. Everything you've given as evidence suggests that Google did the right thing, i.e. nothing until they were compelled by law. You might disagree with the law, but you can't seriously complain because they obeyed it!

  3. David 45

    I smell a lawsuit

    Seems Google had no choice in the matter but I hope the account owner sues the pants off the bank and that, somehow, the judge responsible gets HIS come-uppance. These people should at least take technical advice before they make what appears to be a knee-jerk reaction without the know-how to back it up.

  4. Paul 25

    "the wrong Gmail account"

    Does that imply there was a "right Gmail account" to send highly sensitive data to?

    Yikes!

  5. Anonymous Coward
    Anonymous Coward

    Err...

    Was the decision to temporarily suspend the user's account because the mail hadn't been opened? In which case, it would seem quite sensible.

    Also, you describe the person sending the mail as a bank employee, would it be safe to assume they are a former bank employee?

  6. Anonymous Coward
    Thumb Up

    It amazes me

    that these companies are sending stuff like that through the tubes with no encryption anyway. One record is excusable if it's going to a customer, but still, even a zip file with a password on would be better than nothing.

    it similarly amazes me when we sell our outsourced email DR platform too. Customers always ask about encryption and storage and whether we can see their emails. Fortunately we encrypt, but the tubes and routers that the messages pass through don't...

  7. Anonymous Coward
    Anonymous Coward

    Repeat after me, "email is not secure"

    "The case underlines what should be obvious to Google watchers: Though the company vows to protect your personal data, it can be compelled by court order or subpoena or natural security letter to divulge such info."

    Sod that, I want to know whether or not the idiot at Rocky Mountain Bank got fired for sending personal data over an unsecured connection.

  8. Anonymous Coward
    Anonymous Coward

    Reminds me.....

    of the ability to "play" the UK Court system. As you will know Judges decisions vary greatly. There is a way to go before 1 Judge and if he makes decision you dont like then you can go again, and again and again etc etc UNTIL you hopefully find one that gives you what you want. Seems his Bank hit it first time.

  9. Thomas 18
    Grenade

    Disabling mail account?!

    So is it ok to blow up peoples post boxes if they get a misdirected postal packet?

  10. Richard Hodgson
    FAIL

    Where's the investigation?!

    A bank sends confidential, and I'm assuming completely unencrypted financial information about their clients to an external email address hosted on a third party mail server? There are so many security issues here it's ridiculous.

    If this were a UK organisation, they'd have been investigated for their terrible data practices. Understandably, the bank panicked and tried to get the information deleted, even if they went about it in the worst way possible.

    However what really concerns me is this: They don't seem to show any sign of conscience here, and no acknowledgement that they have done anything wrong beyond accidentally sending it to the wrong email address. There's no mention of a review of their current security practices, or of the employee involved being reprimanded, or of a plan to better train their employees regarding the security of confidential information.

    If my bank acted so nonchalantly after a major security incident, I sure as hell wouldn't hang around and let it happen again.

  11. KaD

    Google A-OK With Me

    I am actually encouraged that Google told the bank to piss off unless they have a court order. The bank would have threatened Google to do immediately what they wanted or else, and Google did not back down. I wish ISP's had at least this amount of backbone instead of telling the RIAA, MPAA, SOCAN, BPI, IRMA and such organizations user information because of intimidation tactics.

  12. Anonymous Coward
    Paris Hilton

    ..shouldn't you...

    ..be writing about wikipedians blogging about each other's tweets regarding tedious infidelities?

  13. Anonymous Hero
    Gates Halo

    @Alastair 1

    Apart from the irrelevant and out of context anti Microsoft babble at the end of your comment, I whole heartedly agree.

  14. Anonymous Coward
    WTF?

    Isn't anybody bothered

    that you can get a court to demand these details because of your own stupidity?

    The court should have refused to compel Google, on the grounds that it was the bank's problem, not Google or the email customer's.

  15. Simon B
    Grenade

    Bank says wasn't , so must mean was!

    "... in an email to The Reg, the company declined to say what information was revealed."

    "... according to a report from CNET News, the bank has said that the confidential message was never opened and that it has now been permanently deleted."

    Oh the BANK says it wasn't opened, yet Google appears silenced. Easily translated by the masses as it WAS comromised and we've silenced Google who are happy to screw people anyhow, in my opinion.

  16. Doug Thompson

    Quit blaming the employee

    The employee made a simple mistake while following instructions that, at best, demonstrated an overwhelming lack of common sense and complete ignorance of how to protect electronic data on the part of the manager/supervisor that issued the instruction. There are far bigger fish to fry than the schlub who committed the sin of following wrongheaded orders.

  17. Tzael

    maybe...

    ...the person who was the unintended recipient selected the 'mark as unread' option after they viewed it? Though I guess it doesn't matter, the bank would rather let people believe that it's unread and the information is safe. Maybe I'll go take a look at Wikileaks...

  18. Mike T
    Coat

    " ... natural security letter" ?

    I think you mean a nashn'l security letter? Or perhaps natural selection now requires pre-approval (this is the States after all).

    Mine's the one with "on the Origin of Species" in the pocket.

  19. Anonymous Coward
    Anonymous Coward

    Careful - don't mix up two separate issues

    1 - compliance. As any company, Google has to comply with local law, which raises interesting questions in itself about jurisdiction - Google Switzerland, for instance, has a problem as that is responsible for the whole EU but Swiss laws differ. So, for email security you'd like to hold it in a country that is fanatic about Data Protection and will require *evidence* or warrented suspicion before a warrant is issued (I would not call the UK RIPA 2000 a barrier to unauthorised snooping).

    2 - custodial duties. Once a warrant has been issued, the question is what happens to the data released. You will find in most countries that there is are no real custodial duties imposed, so if you're a private banker or a GP you may find that your precious data is suddenly handled by a junior policeman. The joys of yelling "terrorist". There are, however, countries where data released under warrant is strictly controlled. In Switzerland, for instance, will you have an investigative judge, who is the only one to look at the released data. Only on evidence of crime can the exact data set that proves this be released for evidence.

    I would not touch Gmail even if it was a Gstring, sorry. But I'm picky that way anyway, I intensely dislike people spying on me for dishonest reasons (I'm OK with proper due process, because I don't have anything to hide - I just hate abuse).

    Oh, and I put my money where my mouth is - I just set up a new email system in Switzerland. Just have to write up the details..

  20. Anonymous Coward
    Grenade

    On the bright side

    At least the bank lost some money paying lawyers and were forced to follow due process... we can't help it if the due process was not to our liking..

    Hmmm grenade

  21. This post has been deleted by its author

  22. Quirkafleeg
    Headmaster

    Re: Disabling mail account?

    “So is it ok to blow up peoples post boxes if they get a misdirected postal packet?”

    Wouldn't that inconvenience many others who also use the same post box (assuming no others nearby and, perhaps, no nearby post office)? Wouldn't it be better to destroy (well, seal up) their _letter_ boxes?

This topic is closed for new posts.

Other stories you might like

  • Google has more reasons why it doesn't like antitrust law that affects Google
    It'll ruin Gmail, claims web ads giant

    Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who've expressed discontent, the ad giant's complaints leave out mention of portions of the proposed law that address said gripes.

    The law bill in question is S.2992, the Senate version of the American Innovation and Choice Online Act (AICOA), which is closer than ever to getting votes in the House and Senate, which could see it advanced to President Biden's desk.

    AICOA prohibits tech companies above a certain size from favoring their own products and services over their competitors. It applies to businesses considered "critical trading partners," meaning the company controls access to a platform through which business users reach their customers. Google, Apple, Amazon, and Meta in one way or another seemingly fall under the scope of this US legislation. 

    Continue reading
  • Hangouts hangs up: Google chat app shuts this year
    How many messaging services does this web giant need? It's gotta be over 9,000

    Google is winding down its messaging app Hangouts before it officially shuts in November, the web giant announced on Monday.

    Users of the mobile app will see a pop-up asking them to move their conversations onto Google Chat, which is yet another one of its online services. It can be accessed via Gmail as well as its own standalone application. Next month, conversations in the web version of Hangouts will be ported over to Chat in Gmail. 

    Continue reading
  • It's a crime to use Google Analytics, watchdog tells Italian website
    Because data flows into the United States, not because of that user interface

    Updated Another kicking has been leveled at American tech giants by EU regulators as Italy's data protection authority ruled against transfers of data to the US using Google Analytics.

    The ruling by the Garante was made yesterday as regulators took a close look at a website operator who was using Google Analytics. The regulators found that the site collected all manner of information.

    So far, so normal. Google Analytics is commonly used by websites to analyze traffic. Others exist, but Google's is very much the big beast. It also performs its analysis in the USA, which is what EU regulators have taken exception to. The place is, after all, "a country without an adequate level of data protection," according to the regulator.

    Continue reading
  • I was fired for blowing the whistle on cult's status in Google unit, says contractor
    The internet giant, a doomsday religious sect, and a lawsuit in Silicon Valley

    A former Google video producer has sued the internet giant alleging he was unfairly fired for blowing the whistle on a religious sect that had all but taken over his business unit. 

    The lawsuit demands a jury trial and financial restitution for "religious discrimination, wrongful termination, retaliation and related causes of action." It alleges Peter Lubbers, director of the Google Developer Studio (GDS) film group in which 34-year-old plaintiff Kevin Lloyd worked, is not only a member of The Fellowship of Friends, the exec was influential in growing the studio into a team that, in essence, funneled money back to the fellowship.

    In his complaint [PDF], filed in a California Superior Court in Silicon Valley, Lloyd lays down a case that he was fired for expressing concerns over the fellowship's influence at Google, specifically in the GDS. When these concerns were reported to a manager, Lloyd was told to drop the issue or risk losing his job, it is claimed. 

    Continue reading
  • End of the road for biz living off free G Suite legacy edition
    Firms accustomed to freebies miffed that web giant's largess doesn't last

    After offering free G Suite apps for more than a decade, Google next week plans to discontinue its legacy service – which hasn't been offered to new customers since 2012 – and force business users to transition to a paid subscription for the service's successor, Google Workspace.

    "For businesses, the G Suite legacy free edition will no longer be available after June 27, 2022," Google explains in its support document. "Your account will be automatically transitioned to a paid Google Workspace subscription where we continue to deliver new capabilities to help businesses transform the way they work."

    Small business owners who have relied on the G Suite legacy free edition aren't thrilled that they will have to pay for Workspace or migrate to a rival like Microsoft, which happens to be actively encouraging defectors. As noted by The New York Times on Monday, the approaching deadline has elicited complaints from small firms that bet on Google's cloud productivity apps in the 2006-2012 period and have enjoyed the lack of billing since then.

    Continue reading
  • Google recasts Anthos with hitch to AWS Outposts
    If at first you don't succeed, change names and try again

    Google Cloud's Anthos on-prem platform is getting a new home under the search giant’s recently announced Google Distributed Cloud (GDC) portfolio, where it will live on as a software-based competitor to AWS Outposts and Microsoft Azure Stack.

    Introduced last fall, GDC enables customers to deploy managed servers and software in private datacenters and at communication service provider or on the edge.

    Its latest update sees Google reposition Anthos on-prem, introduced back in 2020, as the bring-your-own-server edition of GDC. Using the service, customers can extend Google Cloud-style management and services to applications running on-prem.

    Continue reading
  • FTC urged to probe Apple, Google for enabling ‘intense system of surveillance’
    Ad tracking poses a privacy and security risk in post-Roe America, lawmakers warn

    Democrat lawmakers want the FTC to investigate Apple and Google's online ad trackers, which they say amount to unfair and deceptive business practices and pose a privacy and security risk to people using the tech giants' mobile devices.

    US Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), and Cory Booker (D-NJ) and House Representative Sara Jacobs (D-CA) requested on Friday that the watchdog launch a probe into Apple and Google, hours before the US Supreme Court overturned Roe v. Wade, clearing the way for individual states to ban access to abortions. 

    In the days leading up to the court's action, some of these same lawmakers had also introduced data privacy bills, including a proposal that would make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment.

    Continue reading
  • Google: How we tackled this iPhone, Android spyware
    Watching people's every move and collecting their info – not on our watch, says web ads giant

    Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).

    RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones.

    We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.

    Continue reading
  • Makers of ad blockers and browser privacy extensions fear the end is near
    Overhaul of Chrome add-ons set for January, Google says it's for all our own good

    Special report Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.

    Google's Chrome Web Store is supposed to stop accepting Mv2 extension submissions sometime this month. As of January 2023, Chrome will stop running extensions created using Mv2, with limited exceptions for enterprise versions of Chrome operating under corporate policy. And by June 2023, even enterprise versions of Chrome will prevent Mv2 extensions from running.

    The anticipated result will be fewer extensions and less innovation, according to several extension developers.

    Continue reading
  • Brave Search leaves beta, offers Goggles for filtering, personalizing results
    Freedom or echo chamber?

    Brave Software, maker of a privacy-oriented browser, on Wednesday said its surging search service has exited beta testing while its Goggles search personalization system has entered beta testing.

    Brave Search, which debuted a year ago, has received 2.5 billion search queries since then, apparently, and based on current monthly totals is expected to handle twice as many over the next year. The search service is available in the Brave browser and in other browsers by visiting search.brave.com.

    "Since launching one year ago, Brave Search has prioritized independence and innovation in order to give users the privacy they deserve," wrote Josep Pujol, chief of search at Brave. "The web is changing, and our incredible growth shows that there is demand for a new player that puts users first."

    Continue reading

Biting the hand that feeds IT © 1998–2022