On Thursday we learned that Goldman Sachs had asked Google to delete an email containing “highly confidential brokerage account information” that was sent in error to a Gmail account on June 23, recipient unknown.
The banking giant said that if the email wasn’t deleted, it could lead to a “needless and massive” security breach.
After contacting Google, the Web company told Goldman Sachs that it would only consider deleting the email if ordered to do so by a court.
Apparently unwilling to wait for the judge’s response and fearing the contents of the email may be accessed, the investment bank returned to Google to ask again if it could deal with the matter. And it has.
A spokesperson for Goldman told Reuters that Google has now prevented the recipient of the email from opening the message, though it has not deleted it. It’s not clear what method Mountain View technicians have used to block access to a single email or whether it’s left the owner of the account a message explaining its actions. We’ve reached out to the company for more information and will update if we hear back.
“Google complied with our request that it block access to the email,” Goldman’s Andrea Raphael told Reuters. “It has also notified us that the email account had not been accessed from the time the email was sent to the time Google blocked access. No client information has been breached.”
The troubling episode for Goldman kicked off last month when an outside contractor testing work being done on the bank’s internal systems mistakenly emailed her report containing sensitive information to a @gmail.com address instead of one ending in @gs.com.
The bank said that several follow-up emails to the gmail address failed to elicit a response, leading it to contact Google for help.
Requesting a court order for Google’s intervention, Goldman Sachs said urgent action was required “to avoid the risk of inflicting a needless and massive privacy violation upon Goldman Sachs’ clients, and to avoid the risk of unnecessary reputational damage to Goldman Sachs.”
The Wall Street giant will certainly be pleased that the issue has been cleared up, though its own admission that it was heading for a “needless and massive privacy violation” will hardly have enhanced its reputation when it comes to issues of online security and it how it deals with sensitive data.
As for the person whose Inbox was opened by someone other than him or herself, we’ll probably never know how they felt about their privacy violation, though we assume the bank would claim it was neither needless nor massive.