I own a domain name that is ridiculously close to a major brokerage company.

It is amazing the amount of information people email me. I get scans of peoples passport, drivers licenses, etc.

I have hundreds of pages of account data from banks, brokerages, etc.

I am constantly getting mail for individual employees including lots of personal stuff. Lots of it come from other employees of the real company!!

People are damned lucky I'm honest because this data is probably worth a fortune.

I get all sorts of e-mails for people with my same name - requests to pick them up at the airport, resumes for commercial acting jobs, pictures of some dude with the fish he caught...I also tried telling these people they had the wrong address, but they keep sending the messages along, so I've given up.

Besides the Obvious that an employee was so dumb he sent bank info to a mistyped out-of-intranet email address, WHY IN THE HELL IS THIS GOOGLE'S PROBLEM???? HOW CAN THEY SUE GOOGLE FOR AN EMPLOYEE'S INCOMPETENT ACTIONS!

@intellivised: ditto the early adopter thing. my short and quick gmail address has been absorbed by a group of women with lives way more fabulous than mine. i get regular invitations to embassy balls, spas, a wedding in manhattan, etc.
one of the friends always emails from work and leaves on her personal work info from goldman sachs.
i live vicariously through their email conversations. is that sad? =)

Notice of Confidentiality: This facsimile communication and the attachment(s) hereto, if any, are intended solely for the information and use of the addressee(s) identified above and may contain information which is legally privileged from disclosure and/or otherwise confidential. If a recipient of this facsimile communication is not an addressee (or an authorized representative of an addressee), such recipient is hereby advised that any review, disclosure, reproduction, re-transmission or other dissemination or use of this communication (or any information contained herein) is strictly prohibited. If you are not an addressee and have received this communication in error, immediately cover your eyes and don't look. Please advise the sender of that circumstance either by e-mail or by telephone at xxxxxxxxx, and immediately destroy all physical copies of this communication.

He should never have entered any email address at all other than those in domain names authorized for confidential information (for example other branches of the same bank, or another bank when it is involved in the business at hand).

Additionally, the attachment should be encrypted, using the current strongest encryption method, making it useless should anyone else get it, by whatever means.

The UNintended recipient, if exposed in this, should sue the bank for all the hassle involved ... BIG money ... unless he is a Nigerian Prince.

@scoosdad: No, it's Pot, meet Kettle. Oh, the irony! :P

If I spotted the e-mail I would have deleted it immediately without opening it because it would have set off alarms (large e-mail from unknown "bank" = computer virus in my world).

Apparently someone at the NYT thought it would be a good idea to email all this stuff from her work email address to "her" home email address. The problem was what she thought was her home email address, turned out to be mine (we had the same last name and same first name initial).

I ended up having to dump that address, since she also signed up to every stupid mailing and spam list you could possibly thing of.

Quite funny actually. Want to bet that the person deleted it or thought it was spam and then deleted it. Better yet if gmail auto-flagged it as spam and sent it to the spam folder...

Wait a minute.

A corporation sends me an e-mail (not the CIA) by mistake. And I am going to be hauled into court/forced to recount my actions??? Bullshit.

The intended recipient should be fired for using an outside email address for business purposes that involve confidential information. The sender should be fired for playing along with such stupidity. And I can think of a few other people that might deserve this end result, as well.

@EBounding: No, they're not spam. They're legit emails. I've gotten emails routed to me from her brother, etc. I don't understand why Google would allow duplicate usernames though, since apparently the dot is not recognized by Google Mail.

...the employee sent a second e-mail to the recipient instructing the person to delete the e-mail and attachment "in its entirety" without opening or reviewing it. The employee also asked the recipient to contact the employee to "discuss his or her actions.

You can't send a second email to the recipient unless you know where you sent it to in the first place! They do.

Even sending personal data through internal email represents a security risk. There's no control as to where that email could be sent, and anyone in the company could end up with it.

1. Bank highers stupid, incompetent person.

Pot, meet Black. :-)

If I got a random word/excel doc from a "bank", I probably would delete it without opening it and never know it had social security numbers in it. I don't open attachments from unknown senders.

Some of the fun things I've gotten:

- Vacation photos
- Schematics/presentations for a Canadian health care software suite
- ANOTHER health care software programming set of plans, only this time for something to do with COBRA.
- Pictures from a company that sells, from what I can tell, only industrial steel doors.
- Prom photos.
- A whole group of middle-age person forwards from someone in New Zealand.
- Registration cards for various rewards programs. In New Zealand.
- Some UK guy's marketing presentation.
- Same marketing guy's airline itenerary. Sent straight from the airline. Anybody want to go to South Africa?
- A series of really, really, really sad Christmas letters from a family that just lost their Mom.
- A totally different set of e-mails from a different family that lost someone else. These primarily were people arguing about a stolen belt that belonged to the deceased.

And this... is just the tip of the iceburg. I tend to e-mail back most people I get things from. Just to let them know. I have a gmail tag called Dead Letter Office and I'm really hit and miss on what I save. Depends on my mood.

This is happening to me too - a person with a similar name to mine signing up for things with my Gmail address. Loads and loads of wedding crap!

If I were a customer at that bank, I would be all over them about the fact they sent my information to ANYONE over email outside their internal email system.

EMAIL IS NOT SECURE.

By default, Gmail uses the HTTP (not the SSL encrypted HTTPS) protocol. That means that when Bob the banker is checking his email at Panera Bread, that anyone with some free time and a copy of Wireshark can sit there and read Bob's email.

Furthermore, as that email flies between the bank's SMTP server and Gmail, it is there for everyone along the way to read.

Let me reiterate. EMAIL is NOT SECURE! Never send a social security number or credit card number over email. And especially never send OTHER peoples information over email.

Within the bank, it's a different story. The email will stay entirely within the banks secure(????) network. Therefore, unless the network is compromised, the information can't be intercepted. But sending to a Gmail account is just plain stupid.

If you make a mistake, my best advice is this: approach me humbly. Be polite, express regret, beg for mercy. Remember: you are asking me to help clean up your mess. If you're going to be a jerk about it, I'll tell you to where to stick it.

My favorite variation on "being a jerk" is the standardized disclaimer telling me what to do if I am not the intended recipient. "Destroy the message. Notify the sender." Piss off. I'm not on your payroll. You don't get to tell me what to do.

Based on my last look at the standings, it didn't do that team much good. Still it was funny, and it came a week before my fantasy league draft too :-)

(I was just experimenting with this last night because I'm changing my "real name" e-mail address when I get married in two weeks and playing around with what I want to give people.)

That makes three of us. Even if he sent it to the correct Gmail user, what's to say it's the same level of security as the bank's internal email?

i get loads and loads of misdirected personal email sent to my gmail account.
one person, whose name is simlar to mine, actually signed up for an online real estate course and typed in my email. to make sure someone wasn't trying to scam me, i went to the site and checked out the account they opened. it was legit, and i got their full name, address, phone number, etc from the profile info they entered.
i didn't do anything with the info, but if i keep getting emails from the course website, i might drop them a postcard and suggest they double check their email info.

Oy. Going away now.

My assumption would be that it's a "dead" GMail account that is never or rarely used by the person anymore. Thus, they haven't (yet) read any of those emails. So, what will they do if they eventually get a name/address/phone and that person doesn't live there, either? Or, more likely, can't manage to pin it down to a particular person?

"Never attribute to malice that which can be adequately explained by stupidity." -- Hanlon's Razor

but if it came from somewhere like bigamericanbank.br i'd delete it without thinking (i should probably dump anything from .br straight into the trash, anyway)

I'm a BoA customer. Thanks guys. Thanks. Real slick there. Your employees are pretty much all incompetent jerks who screw up every request I make over the phone, and now it turns out that they just "accidentally" sent out a crapload of my own personal information. Even if it's not, it's a customer. What the hell happened to caring about your reputation as a company? And why does this kind of general incompetence seem to afflict banks so heavily?

I'm guessing as with any other actions dealing with potentially sensitive information, Google shouldn't touch any email account without an appropriate court order.

[mail.google.com]

I do get some UK guy's pay stubs every other week. I think they just have the incorrect address since we have the same name. I'm wary of telling them though.

And it continues, so now I just trash Kathy's emails and don't bother redirecting or letting anyone know.

[mail.google.com]

Google Mail does not recognize dots, but Google Apps apparently DOES recognize dots. Go figure.

But then they sent over a thousand SSNs to a gmail account so maybe we shouldn't be surprised that they've decided to do something else stupid. It seems that when given a set of options they'll always chose the most idiotic, irrational, and costly course of action possible.

Actually the dot isn't recognized by Gmail at all.

jessie.jones = jessiejones as far as gmail is concerned. You can use that as a filter though. You can also append +whatever so you can filter by that as well.

So when you sign up you can use the email jessie.jones+nospam@gmail and then put a filter in gmail to trash anything sent to that address.

Ta da!

I LOVE YOU, GMAIL!!!!!!!

This is exactly the sort of thing banks and credit unions are forever telling their customers that they NEVER do. It's also the exact thing they're begging customers not to do. They can't be surprised now when someone sees something that suspicious and ignores it.

While they should definitely act as though the worst has happened they can at least hope that someone thought it was spam and deleted it immediately or, as floraposte said, it's an e-mail address the person never uses.

What does Google, really know about the person?

Use a throw away cell to subscribe and you are dust in the wind.

@MostlyHarmless: I think it's more or less back up now! I still get this message:

"Gmail is temporarily unable to access your Contacts. You may experience issues while this persists. Learn more"

And my account is showing I have an unread message when I don't. Maybe there's some kind of secret CIA network in which they use Gmail to communicate top secret details of operations in the Sudan. Hey, banks send to Gmail, why not CIA?

I work for a bank, and it's not a surprise that this was sent to a gmail account. There are many small businesses (or surprisingly midsize businesses) that use gmail as their business account. It's not uncommon.

What is uncommon is that this was sent without any other security. That should be unacceptable, and not surprisingly people are let go for these security violations. Any sensitive data should be sent via secure methods. It really has nothing to do with the domain of the email address.

Try the "No Labs" version: [mail.google.com]

Or the HTML only version: [mail.google.com]

And as usual, there is a Life Hacker post about it: [lifehacker.com]

OH DEAR GOD! Gmail is down! I repeat, GMAIL IS DOWN! I'm getting Error Code 008 all the time, and it's like the new BSOD. I just sit here, my hands are slack and I have no idea what to do. I need to troubleshoot, but no, Error 008 is their problem, not mine, where do I go to find other people with unsent messages? I need a support group, don't I? Other people who know what it's like not having an alternate email address that isn't Gmail.

I can understand a bad day at work, i've had them too, but I have yet to see someone halfway competent do something this stupid.

@threadislocked:
Also, why are they using google free email accounts for sensitive emails?

@Fishy007:
This. BOA will probably win, though, which really sucks.

@YokoOhNo:
I guess I could get onboard with that, but if my personal info were included, that'd really piss me off.

Did she even contact google???
Why wouldn't google just delete the email from the recipient's mailbox????

HAT TRICK!!

@CompyPaq: I work as a vendor for a major bank and anytime we send any personally identifiable information via email we have to encrypt the information. We generally don't send anything like that via email even if it is encrypted, though. We normally use a shared drive that can only be accessed from secured terminals. So, like Laura pointed out, this employee was extremely incompetent.

@tereckkincaid:
I totally agree. They made the error and then tried to criminalize the recipient, who probably was leery about responding to such an odd e-mail. I wouldn't have responded either.

@floraposte:
I do not understand why google did not just delete the email for this person as soon as she discovered the problem.

In other words: the employee was ragingly incompetent.

People make mistakes, it happens. Unfortunately, the fact that they haven't informed their customers yet does lose them points.

Even if the e-mail was delivered and read, as terkkincaid pointed out, it sounds so fishy that there's no reason to respond to it.

The bank needs to f**k off and deal with its problems instead of suing recklessly. Is this why they keep raising my fees? To launch worthless lawsuits?

Though I suspect this just went to somebody's forgotten subsidiary address, and they've no idea that it's even getting mail.

If the bank had stricter controls over their customers personal information this wouldn't have happened.

The lawsuit to reveal the gmail users information (most likely fake in any case) will help erode our online privacy further...bank fux up and we get fuct.

LOL

No way the court should allow this, so it probably will. Sigh.

Instead of clogging up the court system with more junk, notify the account holders and change their account numbers. Would probably cost the bank less money in the long run too.

And forcing a company to invade a customer's privacy because you made a typo? I hope the courts don't touch that can of worms with a 10 foot pole. The bank has to suck it up and treat the breach like it's a worst case scenario, and not hassle someone else because of their mistake.

Wow. Pretty sad that ANY bank employee would send sensitive data to a GMail account. You'd assume, THAT much data would be sent internally only.