Data Breach: Bank Dumped Customer Records

Credit EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

A local branch of M & T Bank in Rodgers Forge, MD was found to have tossed 52 customer records into a dumpster last week. The bank says the records were dumped inadvertently.

The exposure was revealed after a local news crew from an ABC affiliate went "dumpster diving" in the bank branch's dumpster and found the records.

The documents being placed in the dumpster without being shredded was a "clear violation of our policies," says Philip Hosmer, M & T's vice president of corporate communications. The branch, which was a Bradford Bank branch before the August merger with M & T, had strict controls in place to regulate the way that it inventoried, archived and protected customer information. "But it's clear that some material was mishandled," Hosmer says.

"We've reviewed the materials, and the vast majority of it is old and invalid," Hosmer says. "There's no risk whatsoever for most of this information." M&T has contacted federal and state regulators about the breach and has issued new account numbers and free credit monitoring to the customers involved in the 52 records that were dumped. "We are conducting an extensive internal investigation, and at this point, it appears to be an isolated circumstance involving a single human error," Hosmer concludes.

This data breach brings to 51 the total number of reported data breaches affecting financial institutions in 2009.