The Bank of Montreal Financial Group had a close call after “human error” allowed two servers with confidential customer data to be momentarily offered on eBay in September.
According to the bank, two BMO servers were shipped to Toronto resident Geoff Ellis, who resells computer equipment on eBay. In an apparent case of mistaken identity, an employee of Ecosys Canada Inc. (a subcontractor of Mississauga, Ontario-based Rider Computer Services Ltd., an outsourcing partner of BMO which deals with the bank’s outdated computer equipment) sent the wrong servers to Ellis. Ellis received two servers which had not yet been sanitized. Because of Ellis’ actions when he saw data on the servers, no BMO data was compromised.
One potential fallout from the BMO story is that companies may revisit outsourcing corporate data, said Jim Hurley, vice-president of Aberdeen Group’s security, privacy and operations risk management practice in Boston. The more rules, regulations and players added to the equation (different levels of disk sanitation for different business units and multiple outsourcers) the greater the likelihood of a problem like this occurring, he said.