Legal analysts, consultants and others are reacting to the news that an attorney working with Wells Fargo shared private information tied to more than 50,000 clients and advisors with a former Wells Fargo advisor.
Though the bank insists the leak of information was "inadvertent" and was caused by human error, not by a systemwide data breach, outsiders say the matter is extremely serious and requires significant changes in how the bank conducts business.
"Wells Fargo has made a monumental error," said William H. Byrnes, an attorney who teaches at the Texas A&M School of Law, in an interview. "We're now at the point where regulators have become involved over federal and state privacy concerns."
There are cybersecurity concerns as well, says Byrnes, a regular ThinkAdvisor contributor.
"This raises red flags to me," he said. "Was [the data] sent securely to or by the attorney? We are talking about Wells Fargo's confidential information being sent [between different parties]. How did they do this via a third party? Was it sent securely to [their own outside] attorney" before it was shared it with the other side's lawyer?"
The data was seen earlier in July by Gary Sinderbrand, a former managing director at Wells Fargo Advisors, who is involved in two lawsuits against his older brother Steven Sinderbrand, a managing director employed at Wells Fargo.
When data is passed on and shared with individuals like Gary Sinderbrand, for instance, it has not been properly secured, Byrnes points out, and "it seems like negligence."
"This guy has a hammer … and can get [Wells Fargo] to the table" with it, Byrnes explained. "Who knows where [the private information] got siphoned off in the chain."
Other observers agree.
"This feels sloppy at two levels," explained Chip Roame, head of Tiburon Strategic Advisors, in an interview.
First, "I find it surprising how much apparently unrelated information was given to Wells' own law firm," Roame said. Then that firm passed it on to the plaintiff's law firm.
"Such broad sharing seems like it will always lead to issues," the consultant explained.
For its part, Wells Fargo says it is "taking swift legal action to ensure client data, which was inadvertently released to a lawyer as the result of a subpoena, is returned immediately." In addition, the bank is "seeking to prohibit the data from being disseminated," it says, as it takes the security and privacy of client information "very seriously."
Corporate Matters