back to article Google BLOCKS access to Goldman client-leak email

A Goldman Sachs contractor's inadvertent leak of client data through Gmail has brought the banking giant to a New York court to try and force The Chocolate Factory on a search-and-destroy mission - and Google seems to agree with the bank. Reuters says the slip, which sounds to The Register like someone trusted autocomplete in …

  1. Ole Juul

    Ouch

    I'm curious if GS plans to learn from this and change procedures for sending e-mail which is this sensitive.

    1. Will Godfrey Silver badge
      Meh

      Re: Ouch

      Don't be silly. They're big and self important. They won't change, they'll just demand everyone else clear up the mess... At their own expense of course.

      1. Gordon 10

        Re: Ouch

        In most banks this require's 2 clicks of the send button. Basically it makes you classify the email - and then again prompts you if it detects a non local email domain.

        My previous bank had this 4-5 years ago. My current bank installed this about a year ago.

        Suspect they will be doing the same at GS right now.

        If they have it already and the contractor did it anyway - they should be fired.

        1. LucreLout
          Facepalm

          Re: Ouch

          "In most banks this require's 2 clicks of the send button. Basically it makes you classify the email - and then again prompts you if it detects a non local email domain."

          I agree that should be how most big banks do things, but from my experience it isn't.

          I've worked for 3 big banks you would definately know the names of, and some smaller banks that you might not (even working in the industry). None of them had this implemented during my tenure and to the best of my knowledge, still do not. I think we can agree GS makes 4 ;-)

          Doh, because theres really no excuse for not having implemented something.... Why would anyone need to send something from an IB to gmail?

  2. Mitoo Bobsworth
    WTF?

    "avoid reputational damage to Goldman Sachs"

    You CAN'T be serious!

    1. corestore

      Re: "avoid reputational damage to Goldman Sachs"

      There speaks someone who knows little about money.

      GS have a pretty damn good reputation for getting it right. They're the only big bank who didn't *need* bailout money in 2008 - but of course the US gov made them take it anyway, because they wanted all the big banks to be in same boat, beholden to them.

      1. Tom Maddox Silver badge
        FAIL

        Re: "avoid reputational damage to Goldman Sachs"

        Google "vampire squid" and get back to us.

      2. Mitoo Bobsworth

        Re: "avoid reputational damage to Goldman Sachs"

        And there speaks someone who knows little of cynical humour.

  3. ratfox
    Happy

    Ten says the user saw an incomprehensible email about banking stuff, and reported it as a phishing attempt!

    1. AndyS

      That's if Google didn't automatically put it in the spam folder already. Along with the follow-up email asking the user to delete it.

  4. Chairo
    Unhappy

    Autocomplete of e-mail adresses

    can be outright evil, if you have customers with similar names in different companies. Sending an e-mail regarding a new and innovative product of customer A in CC to customer B can really ruin your day. Another thing that should be turned off by default, but isn't.

    1. VinceH

      Re: Autocomplete of e-mail adresses

      Quite - I'm seeing a good example of its stupidity this morning: I'm being CC'd in on an argument between two companies that has absolutely nothing to do with me whatsoever. The first couple of emails were1 entertaining reading, but it soon became tedious.

      The reason I'm seeing it is almost certainly because whoever sent the first emailed intended for someone else to see it, but my address was filled in by autocomplete, and they didn't notice.

      1. I've set a filter now to bin anything pertaining to that discussion. I was tempted to send an email to (politely) say I don't want to see any of this shit, but I suspect the blood pressures are high enough on both sides that bringing the error to their attention would probably spark another aspect to the argument ("WTF did you CC a third party..?" or something).

    2. Velv
      Headmaster

      Re: Autocomplete of e-mail adresses

      The trouble with autocomplete is that you normally need to have used the full address at least once before it will then appear in autocomplete later.

      And that would imply the contractor already has some form of relationship (i.e. a requirement to email) with the owner of the gmail address.

      Something about the story as reported here smells funny. Either El Reg is reporting it badly, or more likely, Goldman et al are spreading the bullshit.

  5. Anonymous Coward
    Anonymous Coward

    How low can

    Goldman Sax' reputation really go, since they worry about that?

  6. Christoph

    Well done Google. Even when everyone agrees it needs to be done, they still make sure all the legal requirements are in place before releasing information on an innocent third party.

  7. Frankee Llonnygog

    Dear GS

    Thanks for the email and share trading tips.

    Sent from my Blackberry - that's the company, not the phone.

  8. Mr Tumnus

    Hey, if they get a court order, and Google delete it from that email account, then it never happened, right?

    Oh, hang on, what if they downloaded the spreadsheet ... oh dear...

  9. Old fogey

    I don't know what is more idiotic...

    ...having autocomplete switched on or not encrypting/signing that extremely sensitive data. Dear GS, heard of PGP/GPG? Would leave you looking very, very peachy right now....

    1. LucreLout

      Re: I don't know what is more idiotic...

      "Dear GS, heard of PGP/GPG?"

      The problem with allowing that, of course, is that then the people that monitor our communications can't see what we're sending either.

      It's not an issue of technical knowledge, it's not even a debate regarding best practice, it's just bloody politics. Again.

  10. Tom 13

    Re: The latter horse, El Reg fears, may have already bolted.

    I'd say both of them actually. At a minimum the data has probably transited at least one relay not controlled by GS or Google. And since they haven't located the account there is no positive evidence the information hasn't leaked further. Failing safe would be to assume the data would leak.

  11. Trainee grumpy old ****
    Alert

    I wonder

    Will we see an upsurge in phishing emails apparently from gs.com addresses?

    Mail body contains some financial jargon and signature with references to SOX etc.. No exhortations to open the attachment. I'll bet there will be a few marks who wont be able open the attachment fast enough.

  12. Dan from Chicago

    Always surprising

    Everyone seems to think it's fine that google, apple, amazon, telcos, comcast, etc. have dozens (hundreds/) of staff and contractors who can look through our emails, photos, etc. but it's time for hysterics if a government agency (that generally has at least some mandated level of privacy protection) gets the same access.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like