Feeds

back to article Google BLOCKS access to Goldman client-leak email

A Goldman Sachs contractor's inadvertent leak of client data through Gmail has brought the banking giant to a New York court to try and force The Chocolate Factory on a search-and-destroy mission - and Google seems to agree with the bank. Reuters says the slip, which sounds to The Register like someone trusted autocomplete in …

Silver badge

Ouch

I'm curious if GS plans to learn from this and change procedures for sending e-mail which is this sensitive.

5
0
Silver badge
Meh

Re: Ouch

Don't be silly. They're big and self important. They won't change, they'll just demand everyone else clear up the mess... At their own expense of course.

8
0
Silver badge

Re: Ouch

In most banks this require's 2 clicks of the send button. Basically it makes you classify the email - and then again prompts you if it detects a non local email domain.

My previous bank had this 4-5 years ago. My current bank installed this about a year ago.

Suspect they will be doing the same at GS right now.

If they have it already and the contractor did it anyway - they should be fired.

3
0
Facepalm

Re: Ouch

"In most banks this require's 2 clicks of the send button. Basically it makes you classify the email - and then again prompts you if it detects a non local email domain."

I agree that should be how most big banks do things, but from my experience it isn't.

I've worked for 3 big banks you would definately know the names of, and some smaller banks that you might not (even working in the industry). None of them had this implemented during my tenure and to the best of my knowledge, still do not. I think we can agree GS makes 4 ;-)

Doh, because theres really no excuse for not having implemented something.... Why would anyone need to send something from an IB to gmail?

2
0
Bronze badge
WTF?

"avoid reputational damage to Goldman Sachs"

You CAN'T be serious!

16
0

Re: "avoid reputational damage to Goldman Sachs"

There speaks someone who knows little about money.

GS have a pretty damn good reputation for getting it right. They're the only big bank who didn't *need* bailout money in 2008 - but of course the US gov made them take it anyway, because they wanted all the big banks to be in same boat, beholden to them.

0
7
FAIL

Re: "avoid reputational damage to Goldman Sachs"

Google "vampire squid" and get back to us.

3
0
Bronze badge

Re: "avoid reputational damage to Goldman Sachs"

And there speaks someone who knows little of cynical humour.

1
0
Silver badge
Happy

Ten says the user saw an incomprehensible email about banking stuff, and reported it as a phishing attempt!

19
0

That's if Google didn't automatically put it in the spam folder already. Along with the follow-up email asking the user to delete it.

0
0
Bronze badge
Unhappy

Autocomplete of e-mail adresses

can be outright evil, if you have customers with similar names in different companies. Sending an e-mail regarding a new and innovative product of customer A in CC to customer B can really ruin your day. Another thing that should be turned off by default, but isn't.

5
0
Silver badge

Re: Autocomplete of e-mail adresses

Quite - I'm seeing a good example of its stupidity this morning: I'm being CC'd in on an argument between two companies that has absolutely nothing to do with me whatsoever. The first couple of emails were1 entertaining reading, but it soon became tedious.

The reason I'm seeing it is almost certainly because whoever sent the first emailed intended for someone else to see it, but my address was filled in by autocomplete, and they didn't notice.

1. I've set a filter now to bin anything pertaining to that discussion. I was tempted to send an email to (politely) say I don't want to see any of this shit, but I suspect the blood pressures are high enough on both sides that bringing the error to their attention would probably spark another aspect to the argument ("WTF did you CC a third party..?" or something).

0
0
Silver badge
Headmaster

Re: Autocomplete of e-mail adresses

The trouble with autocomplete is that you normally need to have used the full address at least once before it will then appear in autocomplete later.

And that would imply the contractor already has some form of relationship (i.e. a requirement to email) with the owner of the gmail address.

Something about the story as reported here smells funny. Either El Reg is reporting it badly, or more likely, Goldman et al are spreading the bullshit.

1
0
Anonymous Coward

How low can

Goldman Sax' reputation really go, since they worry about that?

3
0
Silver badge

Well done Google. Even when everyone agrees it needs to be done, they still make sure all the legal requirements are in place before releasing information on an innocent third party.

7
1
Silver badge

Dear GS

Thanks for the email and share trading tips.

Sent from my Blackberry - that's the company, not the phone.

1
0

Hey, if they get a court order, and Google delete it from that email account, then it never happened, right?

Oh, hang on, what if they downloaded the spreadsheet ... oh dear...

3
0

I don't know what is more idiotic...

...having autocomplete switched on or not encrypting/signing that extremely sensitive data. Dear GS, heard of PGP/GPG? Would leave you looking very, very peachy right now....

1
0

Re: I don't know what is more idiotic...

"Dear GS, heard of PGP/GPG?"

The problem with allowing that, of course, is that then the people that monitor our communications can't see what we're sending either.

It's not an issue of technical knowledge, it's not even a debate regarding best practice, it's just bloody politics. Again.

0
0
Silver badge

Re: The latter horse, El Reg fears, may have already bolted.

I'd say both of them actually. At a minimum the data has probably transited at least one relay not controlled by GS or Google. And since they haven't located the account there is no positive evidence the information hasn't leaked further. Failing safe would be to assume the data would leak.

0
0
Alert

I wonder

Will we see an upsurge in phishing emails apparently from gs.com addresses?

Mail body contains some financial jargon and signature with references to SOX etc.. No exhortations to open the attachment. I'll bet there will be a few marks who wont be able open the attachment fast enough.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon