Ouch
I'm curious if GS plans to learn from this and change procedures for sending e-mail which is this sensitive.
A Goldman Sachs contractor's inadvertent leak of client data through Gmail has brought the banking giant to a New York court to try and force The Chocolate Factory on a search-and-destroy mission - and Google seems to agree with the bank. Reuters says the slip, which sounds to The Register like someone trusted autocomplete in …
In most banks this requires 2 clicks of the send button. Basically it makes you classify the email - and then again prompts you if it detects a non local email domain.
My previous bank had this 4-5 years ago. My current bank installed this about a year ago.
Suspect they will be doing the same at GS right now.
If they have it already and the contractor did it anyway - they should be fired.
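The send-time check described in the comment above, sketched as an added example (not code from the thread or from any bank's mail client). The domain names, the label names and the rule that blocks confidential mail to outside recipients are assumptions made for the illustration; the block rule goes one step beyond the two prompts the comment describes.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed values for this sketch: internal domain list and label names.
INTERNAL_DOMAINS = {"bank.example"}
LABELS = {"public", "internal", "confidential"}


def external_recipients(msg):
    """Return the recipient addresses whose domain is not internal."""
    headers = []
    for name in ("To", "Cc", "Bcc"):
        headers.extend(msg.get_all(name, []))
    found = set()
    for _display, addr in getaddresses([str(h) for h in headers]):
        domain = addr.rpartition("@")[2].lower()
        if addr and domain not in INTERNAL_DOMAINS:
            found.add(addr.lower())
    return sorted(found)


def send_decision(msg, label, confirmed_external=False):
    """Decide what happens when the user presses Send.

    Returns (action, external): 'classify' asks for a label, 'block'
    refuses confidential mail to outside addresses, 'confirm' asks for
    the second click, 'send' lets the message go.
    """
    external = external_recipients(msg)
    if label not in LABELS:
        return "classify", external
    if external and label == "confidential":
        return "block", external
    if external and not confirmed_external:
        return "confirm", external
    return "send", external


def build(to, cc=""):
    """Build a constructed sample message for trying the check."""
    msg = EmailMessage()
    msg["From"] = "contractor@bank.example"
    msg["To"] = to
    if cc:
        msg["Cc"] = cc
    msg.set_content("Quarterly report attached.")
    return msg
```

The check keys on the parsed address domain rather than the display name, so an autocompleted outside address still triggers the prompt even when the display name looks like a colleague's.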
"In most banks this requires 2 clicks of the send button. Basically it makes you classify the email - and then again prompts you if it detects a non local email domain."
I agree that should be how most big banks do things, but from my experience it isn't.
I've worked for 3 big banks you would definitely know the names of, and some smaller banks that you might not (even working in the industry). None of them had this implemented during my tenure and to the best of my knowledge, still do not. I think we can agree GS makes 4 ;-)
Doh, because there's really no excuse for not having implemented something.... Why would anyone need to send something from an IB to gmail?
There speaks someone who knows little about money.
GS have a pretty damn good reputation for getting it right. They're the only big bank who didn't *need* bailout money in 2008 - but of course the US gov made them take it anyway, because they wanted all the big banks to be in the same boat, beholden to them.
can be outright evil, if you have customers with similar names in different companies. Sending an e-mail regarding a new and innovative product of customer A in CC to customer B can really ruin your day. Another thing that should be turned off by default, but isn't.
Quite - I'm seeing a good example of its stupidity this morning: I'm being CC'd in on an argument between two companies that has absolutely nothing to do with me whatsoever. The first couple of emails were[1] entertaining reading, but it soon became tedious.
The reason I'm seeing it is almost certainly because whoever sent the first email intended for someone else to see it, but my address was filled in by autocomplete, and they didn't notice.
1. I've set a filter now to bin anything pertaining to that discussion. I was tempted to send an email to (politely) say I don't want to see any of this shit, but I suspect the blood pressures are high enough on both sides that bringing the error to their attention would probably spark another aspect to the argument ("WTF did you CC a third party..?" or something).
The trouble with autocomplete is that you normally need to have used the full address at least once before it will then appear in autocomplete later.
And that would imply the contractor already has some form of relationship (i.e. a requirement to email) with the owner of the gmail address.
Something about the story as reported here smells funny. Either El Reg is reporting it badly, or more likely, Goldman et al are spreading the bullshit.
"Dear GS, heard of PGP/GPG?"
The problem with allowing that, of course, is that then the people that monitor our communications can't see what we're sending either.
It's not an issue of technical knowledge, it's not even a debate regarding best practice, it's just bloody politics. Again.
I'd say both of them actually. At a minimum the data has probably transited at least one relay not controlled by GS or Google. And since they haven't located the account there is no positive evidence the information hasn't leaked further. Failing safe would be to assume the data would leak.
Will we see an upsurge in phishing emails apparently from gs.com addresses?
Mail body contains some financial jargon and signature with references to SOX etc. No exhortations to open the attachment. I'll bet there will be a few marks who won't be able to open the attachment fast enough.
Everyone seems to think it's fine that Google, Apple, Amazon, telcos, Comcast, etc. have dozens (hundreds?) of staff and contractors who can look through our emails, photos, etc. but it's time for hysterics if a government agency (that generally has at least some mandated level of privacy protection) gets the same access.