Monday, July 24, 2017

Wells Fargo Huge Data Breach - Lessons for Firms and Their Lawyers

Multiple news sources are now reporting that Wells Fargo is being investigated for the release of personal information of approximately 50,000 clients to a former employee.

The New York Times reported on Friday that the bank's attorneys had release 1.4 gigabytes of customer data to the former employee in response to a subpoena served on the bank in connection with a suit between the employee and another employee.

According to the NYT, the employee estimates that he now has information regarding 50,000 clients, including customer names, their social security numbers and financial information, like the size of their investments and the fees that they have been charged.

The NYT is also reporting that the information was delivered by the bank's attorneys, without a protective order or a confidentiality order. In theory, without those protections, the employee can release that information publicly, although his attorney says he will hold the information secure and confidential while they evaluate his legal rights and obligations.

Wells Fargo maintains that the release was accidental and is seeking the return of the information. Wells Fargo blamed its outside counsel, who in turn blamed their outside discovery vendor.

The lesson for Wells Fargo is obvious - as is the lesson for lawyer and law firms. We are handling confidential information regarding customers and third parties. You need, at a minimum, to have a protective order in place, and the documents need to be identified as being confidential.

Anything less has the potential to create legal and regulatory issues for your client.

Wells Fargo Accidentally Releases Trove of Data On Wealthy Clients.

Wells Fargo under regulatory scrutiny after huge client data breach 


Mark J. Astarita, Esq. is a securities litigation attorney with the national law firm of Sallah Astarita & Cox, and represents brokerage firms, brokers, and investors in securities arbitration, litigation, and regulatory matters. Have a question? Email him at