DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Rocky Mountain Bank reveals “oops” in court papers

Posted on September 22, 2009 by Dissent

As  noted on PogoWasRight.org yesterday, Thomas Claburn of Information Week reports that when Rocky Mountain Bank tried to get a court to seal its lawsuit against Google to compel disclosure of  information on the recipient of an errant Gmail containing sensitive customer information, the court declined.

It looks like the Streisand Effect has struck again, as now the media are not only reporting details of the breach that were included in the judge’s ruling denying the seal, but Rocky Mountain Bank may get a worse reputation for trying to perhaps justify not disclosing their error to the 1,325 customers whose details were mis-sent to the wrong Gmail address.

So in the absence of an actual breach disclosure notification by the bank, this site views the court order as a breach disclosure. A copy of the judge’s order (pdf, courtesy of Threat Level) indicates that the court did not agree that determining whether the email had been opened was necessary in order to inform customers of the breach:

Plaintiff argues that if its complaint and motion papers are not filed under seal, all of its customers may learn of the inadvertent disclosure. Plaintiff further argues that publication of the disclosure before it determines whether the Gmail account is active or dormant will unnecessarily create panic among all of its customers and result in a surge of inquiry from its customers. In his declaration, Mark Hendrickson, states that “until there is a determination that the Confidential Customer Information was in fact disclosed and/or misused, the Bank cannot advise its customers on whether there was an improper disclosure.” (See Declaration of Mark Hendrickson in Support of Motion to File Under Seal, filed herein on September 18, 2009, ¶ 18.)

An attempt by a bank to shield information about an unauthorized disclosure of confidential customer information until it can determine whether or not that information has been further disclosed and/or misused does not constitute a compelling reason that overrides the public’s common law right of access to court filings. Plaintiff is already able to advise its customers that there has been an unauthorized disclosure of confidential customer information, and inform them of the steps it is taking to rectify the situation.4 And Plaintiff has not shown that disclosure of the information contained in its complaint and motion papers “could result in improper use of the material for scandalous or libelous purposes or infringement upon trade secrets,” or invasion of any personal privacy rights that might warrant protection under Federal Rules of Civil Procedure 26(c). Plaintiff has not disclosed any actual customer information in its pleadings or motion papers.5

—–
4 The possibility that the email has not been opened, or that the information has not been misused, does not change the fact that there already was an unauthorized disclosure of the information to an unknown third party.

Image credit: PixelPalace.com

Category: Breach IncidentsBreach TypesExposureFinancial SectorOf Note

Post navigation

← NM: Sensitive Files Found In Dumpster
Kansas woman pleads guilty to computer fraud →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.