Wells Fargo & Co. (NYSE:WFC) mistakenly sent reams of client information to a lawyer representing a former employee. The materials were sent in response to a New Jersey court case involving a defamation dispute between ex-Wells Fargo employee Gary Sinderbrand and his brother, who also worked there. A lawyer for Sinderbrand subpoenaed information from the bank as part of the lawsuit.
The documents were mistakenly sent by Angela Turiano, who represents Wells as an attorney at Bressler Amery Ross, to Aaron Miller, Sinderbrand’s lawyer in the New Jersey case. Miller later shared knowledge of the documents’ contents to Aaron Zeisler, who is representing Sinderbrand in the New York case.
The 1.4 gigabytes of files sent included copious spreadsheets with the sensitive personal information of approximately 50,000 of the bank’s wealthiest clients. In the documents, the bank disclosed client names, Social Security numbers, and account balances, as well as other information. Most of the disclosed information was for customers of Wells Fargo Advisors, the arm of the bank unit that caters to high-net-worth investors.
Zeisler said that Sinderbrand was the “unwilling recipient” of personal information belonging to thousands of clients in a letter to New York Supreme Court Judge Charles Ramos. The files came with no protective orders or confidentiality agreements, so theoretically they could be released to the public or included in the lawsuit filings, where they would become public record. The attorney said, “We are continuing to evaluate his legal rights and responsibilities.”
Wells Fargo has asked judges in New York and New Jersey to require the attorney to immediately return the information to the bank. Shea Leordeanu, a spokeswoman for Wells Fargo Advisors, said, “Our goals are to ensure the data is not disseminated, that it is rapidly returned, and that we ensure the discovery process going forward in the cases is working as it should.”
It was not immediately clear if Wells Fargo broke any rules or laws by disclosing the client information. Ethics rules in both New York and New Jersey require lawyers to notify the other party if they receive information that “was inadvertently sent.” Some accounts listed in files are said to have a foreign owner, making them subject to other countries’ regulations.
Under federal law, financial institutions should notify consumers if their personal information “is subject to a breach that poses a significant risk of identity theft or related harm.” Wells Fargo has reportedly not yet taken that step, but may be likely to do so in the coming days. The company was already under fire for using customers’ personal information to open accounts without their knowledge or consent. This latest black eye for the company may be just as difficult to bounce back from.