making
headlines

Bank Revelations Add Fuel to the Fire

Like many fathers of teenage children, attorney Michael Stratton is familiar with the process of prying information from them. There's partial truth, procrastination and finally after further questioning, more of the truth comes out.

He said dealing with Bank of New York Mellon is similar.

When the bank found out that it lost a box of bank back-up tapes in February, they notified officials three months later that 500,000 Connecticut residents who are People's United Bank customers were affected.

Now, after further investigation, the bank has informed state officials that an additional 150,000 customers of Bridgeport-based People's had their addresses, bank account numbers, Social Security numbers and stock shareholder information compromised when the tapes were lost in transit to a storage facility.

Such data breaches put people at risk of identity theft, but BNY Mellon has asserted from the beginning that it has no proof the personal information has been misused in any way.

"That remains the case," the company states on a web page dedicated to the matter. The 650,000 affected state residents are among an estimated 12.5 million people nationwide whose data was lost.

From the beginning, the incident has raised the ire of Gov. M. Jodi Rell, and she has brought in the Department of Consumer Protection and the Attorney General's office. Rell has been especially vocal about BNY Mellon's lack of timeliness in notifying customers of the breach, which is required by state law.

Most recently, the governor called it "outrageous that we are hearing about a possible six million additional individuals and businesses six months after the fact…Had the hundreds of thousands of Connecticut residents affected been notified immediately that their data had been compromised, they could have taken steps to protect themselves." BNY Mellon began notifying the most recently affected customers last week.

Eight Plaintiffs

Stratton also is closely involved. He has filed lawsuits against both BNY Mellon and People's, which hired Pittsburgh-based BNY Mellon Shareholder Services last year to handle some matters as People's switched from a depositor-owned mutual bank to a publicly traded entity.

"It's incomprehensible how they wouldn't have known this earlier on," Stratton said of the additional breaches.

Stratton represents eight plaintiffs in the class-action lawsuit against BNY Mellon; the current legal battle is whether the case will be heard in federal or state court. Stratton's lawsuit against People's is in state court and involves allegations that People's dumped bank files with customer information in outside garbage bins.

He has accused the banks of negligence, invasion of privacy and a violation of the state's Unfair Trade Practices Act. He is seeking seven years of credit monitoring, credit insurance and other damages for his clients.

Stratton learned of the most recent breaches through a Google alert on his BlackBerry, rather than a telephone call from BNY Mellon officials, he said, noting his displeasure. "They're not respecting our role as putative counsel," he said.

Ronald W. Sommer, spokesman for BNY Mellon, said his legal department couldn't comment on how the recent news of data breaches might damage his case or how information is dispensed to opposing counsel. He said the company's primary focus is alerting affected customers and that a comprehensive review of the matter by a data forensic firm will continue "for some time," Sommer said.

William J. Wenzel, of Pullman & Comley in Bridgeport, is counsel for People's United Bank. He said he doesn't believe the recent disclosures of additional data breaches have any impact on the pending litigation against People's. He blames the breaches on BNY Mellon losing the information.

Alfred U. Pavlis of Daly & Pavlis in Southport is counsel for BNY Mellon, but he referred all questions to Proskauer Rose partner Stephen L. Ratner, who is supporting counsel on the case. Ratner said his firm's policy is to not comment on pending litigation.

State Subpoena

The Department of Consumer Protection, at Gov. M. Jodi Rell's behest, subpoenaed BNY Mellon for specifics on what type of information was lost and what steps will be taken to protect customers.

Nothing in the information received in May and June indicated that more people were involved, said Consumer Protection Commissioner Jerry Farrell Jr. "This certainly raises serious additional questions about how secure personal identifying data is at the Bank of New York Mellon and widens the scope of our investigation," Farrell said.

BNY Mellon is providing 24 months of free identity theft protection for the Connecticut residents initially affected. State officials are pressing for the same coverage for the additional 150,000 customers.

One affected customer received a letter from BNY Mellon in mid-June informing him that his information had been lost. The 68-year-old man, who lives in Bolton, requested anonymity because of the circumstances. He told the Law Tribune that besides taking the time to cancel several accounts and open new ones, he and his wife have had serious health problems re-emerge this year. Living on Social Security, he's worried about people gaining access to his bank account. While he said he had heard news about people in his position filing lawsuits, he has not yet retained a lawyer.

Along with the two years of identity theft protection, the man was given $25,000 in identity theft insurance with no deductible. But he has little faith in such protections.

"Data thieves will simply wait two years and then strike," he said. "I get the feeling that no one is taking this seriously enough."