The bank has set up a web page to keep affected customers informed

Bank of New York loses 12.5 million customer details

Possibly the largest data breach this year, bank admits

vnunet.com, 29 Aug 2008

The Bank of New York Mellon (BNY Mellon) has admitted that the number of its customers hit by a data breach was much larger than previously stated.

The bank informed customers in May that 4.5 million customer account details, including names, addresses, dates of birth and Social Security numbers, had been compromised after two sets of tape backups went missing from a third-party courier.

However, it has now increased that figure to 12.5 million, possibly making this the biggest data breach of the year.

“It is simply outrageous that this mountain of information was not better protected, and it is equally outrageous that we are hearing about a possible six million additional individuals and businesses six months later,” said the Connecticut governor Jodi Rell.

“We fear a substantial number Connecticut residents are among this latest group. Had the hundreds of thousands of Connecticut residents affected been notified immediately that their data had been compromised, they could have taken steps to protect themselves.”

She added that she was considering levying financial penalties over the breach and instructing it to make financial restitution to customers. Her consumer protection commissioner Jerry Farrell Jr is investigating the case.

"Nothing in the data we were given in May and June by BNY Mellon indicated in any way that these additional six million individuals and businesses were involved," said Farrell.

“This certainly raises serious additional questions about how secure personal identifying data is at BNY Mellon and widens the scope of our investigation.”

Bank of New York Mellon is the world's largest custodial bank and one of the 10 largest asset managers. It is notifying customers about the breach, but says there is no evidence that the data has been abused.

The bank has set up a web page to keep people informed and is offering two years of free credit monitoring, $25,000 worth of identity theft insurance, reimbursement for the cost of one placement and one removal of a credit freeze for each of the three national credit reporting bureaus to customers affected.