Forwarded from: Marjorie Simmons <lawyer@private> http://www.miami.com/mld/miamiherald/8019815.htm Mon, Feb. 23, 2004 Associated Press ST. LOUIS - State investigators are trying to pinpoint whether Southern Commercial Bank perhaps compromised the privacy of more than 40,000 customers by e-mailing unsecured personal data to an independent computer programmer. The information included bank account, Social Security numbers and addresses of customers who have loans and demand deposits, including checking, savings and money market accounts, the St. Louis Post-Dispatch reported Monday. Regulators are concerned because such information could be used to commit identity theft, either by the person who receives it or by someone who accesses the computer or the transmission. St. Louis-based Southern Commercial said it did not violate its own policies or federal regulations designed to protect customer information. "There is a statement of policy, not laws, involving the transmission of data over the Internet," said Eric McClure, commissioner of the investigating Missouri Division of Finance, which regulates state-chartered banks including Southern Commercial. "Generally, unencrypted information is not recommended." St. Louis Federal Reserve Bank officials said the matter would be reviewed during the bank's next examination. McClure said anyone who knowingly or intentionally shared the data could face federal criminal charges, punishable by up to five years in prison. "We've got zero tolerance for this information being out there," said Joe Elstner, a spokesman for St. Louis' Federal Reserve Bank. Rick Henderson, a Kirkwood computer programmer, said Tom Green - vice president of one of Southern Commercial's 10 branches - sent an e-mail in October that included the questioned information in an attachment. At the time, the subcontracting Henderson was trying to finish work on a computer program that was to help the bank improve customer service. When he got e-mailed to him personal information on more than 40,000 of the bank's customers, "I just about fell out of my chair when I opened it, and it was the real thing." He said he contacted state regulators and the Post-Dispatch after he was not fully paid for his subcontracting work. Henderson said he did not illegally use the customers' information and does not intend to do so. He said he no longer has the information, and the e-mail with the attachment was deleted when he rebuilt his computer. Dick Illyes, president of the bank's contractor, Micr Automation Inc., said Green "made a mistake" when he sent the e-mail with attached records and simply assumed Henderson "was trustworthy." The bank's attorney, Jeff Demerath of St. Louis, sent a letter last month to Henderson demanding that he return the information or provide proof he destroyed it or face prosecution. Henderson said he did not respond, though Demerath said Southern Commercial said it is satisfied the information was not and will not be disseminated. Since the incident, Demerath said, the bank has revised its practices regarding the sharing of customer information with vendors. Joe Elstner, a spokesman for the Federal Reserve Bank of St. Louis, said that while banks may share sensitive customer information with vendors under contract, banks may not share such information with outsiders. Illyes said Micr - a longtime check-processing consultant to the bank - treated Henderson as its employee, though it has no written contract with him. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Feb 24 2004 - 06:43:23 PST