Bloomberg users’ messages leaked online

Editor’s Note:  Not all threats to corporate cybersecurity come from hackers.  Thus, federal cybersecurity measures may need to address more than the traditional notion of what constitutes a theat to the integrity of corporate data.

From: Financial Times

By Daniel Schäfer in London and Andrew Edgecliffe-Johnson in New York

More than ten thousand private messages sent between users of Bloomberg’s financial terminals have leaked online, undermining the company’s attempts to restore faith in its ability to keep client data confidential as it scrambles to allay clients’ privacy concerns.

Two long lists showing confidential Bloomberg messages between traders at dozens of the world’s largest banks and their clients have been online for  several years, the Financial Times has learnt.

The documents from one particular day in 2009 and also from 2010, contain messages sent in by clients so Bloomberg could extract price data for their use  on bonds, credit default swaps and other financial products from traders’ messages.

The messages had been found, a financial markets professional said, through a simple Google search. They were taken down from the internet on Monday, after  the FT enquired about them.

They showed information such as unique Bloomberg user identifiers, real names and traders’ email addresses as well as confidential financial price information and trading activity.

“This work was done with client consent, where emails were explicitly forwarded to us to a dedicated email account and released by the person  responsible for the email so that we could conduct internal testing to improve  our technology for the client,” a Bloomberg spokesman said.

The apparently accidental leak threatens to unnerve Bloomberg’s clients,  however, only days after the unrelated revelation that Goldman Sachs had complained that the news  organisation’s journalists had been able to track when users accessed their  terminals and which functions they used.

On Monday, the European Central Bank and Germany’s Bundesbank joined the list of clients airing concerns, saying they had both contacted Bloomberg over the  issue. The Federal Reserve, the US Treasury and JPMorgan Chase, have also raised questions since news of Goldman’s formal complaint leaked last  week.

European authorities’ comments followed Bloomberg’s second attempt to draw a  line under the reputational crisis. In a Sunday night online editorial, Matthew  Winkler, editor-in-chief of Bloomberg News, apologised and described the fact that reporters had access to certain client information as “inexcusable”.

Bloomberg’s messaging service, which it pioneered before email was commonly  used, is highly prized by banks for its security and functionality.

The leaked messages were uploaded to the internet by Steve Raaen, then a Bloomberg employee, while he was working for the company on a data-mining  project for clients’ benefit. It is believed he intended to to upload them to a secure site.

Mr Raaen, who left Bloomberg in March 2011, declined to comment. Bloomberg  said use of such emails outside its system “would have been a clear violation of  our policies” and it was considering “all potential legal” actions. Such a  breach could not happen now, it added, due to new technology and “upgraded” controls that would prevent such information leaving its system.

The project on behalf of Bloomberg clients, called “message scraping”, entailed Mr Raaen, a business manager, combing through traders’ messages to get better pricing information on financial products that are traded over the  counter.

The messages included trade information and other confidential details from  global banks including Barclays, Citigroup, Deutsche Bank, Goldman Sachs, HSBC,  Nomura JPMorgan and Morgan Stanley.

In one message from the 25th of August 2009, a trader at a large bank passed  on the information to three of his clients at institutional investors and asset management groups that he had sold $2m ING bonds at a price of $56 each: “LIFTED  2MM INTNED 8.439 $56, 2.75MM LEFT THERE.”

Read Complete Article

 

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published.

Please Answer: *