Editor’s Note: Not all threats to corporate cybersecurity come from hackers. Thus, federal cybersecurity measures may need to address more than the traditional notion of what constitutes a theat to the integrity of corporate data.
From: Financial Times
By Daniel Schäfer in London and Andrew Edgecliffe-Johnson in New York
More than ten thousand private messages sent between users of Bloomberg’s financial terminals have leaked online, undermining the company’s attempts to restore faith in its ability to keep client data confidential as it scrambles to allay clients’ privacy concerns.
Two long lists showing confidential Bloomberg messages between traders at dozens of the world’s largest banks and their clients have been online for several years, the Financial Times has learnt.
The documents from one particular day in 2009 and also from 2010, contain messages sent in by clients so Bloomberg could extract price data for their use on bonds, credit default swaps and other financial products from traders’ messages.
The messages had been found, a financial markets professional said, through a simple Google search. They were taken down from the internet on Monday, after the FT enquired about them.
They showed information such as unique Bloomberg user identifiers, real names and traders’ email addresses as well as confidential financial price information and trading activity.
“This work was done with client consent, where emails were explicitly forwarded to us to a dedicated email account and released by the person responsible for the email so that we could conduct internal testing to improve our technology for the client,” a Bloomberg spokesman said.
The apparently accidental leak threatens to unnerve Bloomberg’s clients, however, only days after the unrelated revelation that Goldman Sachs had complained that the news organisation’s journalists had been able to track when users accessed their terminals and which functions they used.
On Monday, the European Central Bank and Germany’s Bundesbank joined the list of clients airing concerns, saying they had both contacted Bloomberg over the issue. The Federal Reserve, the US Treasury and JPMorgan Chase, have also raised questions since news of Goldman’s formal complaint leaked last week.
European authorities’ comments followed Bloomberg’s second attempt to draw a line under the reputational crisis. In a Sunday night online editorial, Matthew Winkler, editor-in-chief of Bloomberg News, apologised and described the fact that reporters had access to certain client information as “inexcusable”.
Bloomberg’s messaging service, which it pioneered before email was commonly used, is highly prized by banks for its security and functionality.
The leaked messages were uploaded to the internet by Steve Raaen, then a Bloomberg employee, while he was working for the company on a data-mining project for clients’ benefit. It is believed he intended to to upload them to a secure site.
Mr Raaen, who left Bloomberg in March 2011, declined to comment. Bloomberg said use of such emails outside its system “would have been a clear violation of our policies” and it was considering “all potential legal” actions. Such a breach could not happen now, it added, due to new technology and “upgraded” controls that would prevent such information leaving its system.
The project on behalf of Bloomberg clients, called “message scraping”, entailed Mr Raaen, a business manager, combing through traders’ messages to get better pricing information on financial products that are traded over the counter.
The messages included trade information and other confidential details from global banks including Barclays, Citigroup, Deutsche Bank, Goldman Sachs, HSBC, Nomura JPMorgan and Morgan Stanley.
In one message from the 25th of August 2009, a trader at a large bank passed on the information to three of his clients at institutional investors and asset management groups that he had sold $2m ING bonds at a price of $56 each: “LIFTED 2MM INTNED 8.439 $56, 2.75MM LEFT THERE.”
Leave a Reply