Skip to content
Naked Security Naked Security

Wells Fargo apologizes for spilling trove of data on wealthy clients

The e-discovery process during litigation is a challenge to make sure that all the data is properly handled and disclosed, as Wells Fargo has learned

In what can only be described as a true awh-shucks moment, Wells Fargo & Co finds itself offering apologies to approximately 50,000 Wells Fargo Advisors clients whose information was inappropriately shared by Wells Fargo outside counsel, Angela Turiano of Bressler Amery Ross, to an ex-Wells Fargo employee’s attorney, Andrew Miller, as part of the electronic discovery (e-discovery) response to a subpoena request for information.

While it is possible that the 50,000 clients’ accounts were all part of the fraternal squabble and litigation between one of the Sinderbrand brothers (Gary Sinderbrand, an ex-employee, and Steven Sinderbrand, an active Wells Fargo financial advisor) and Wells Fargo over the payment of commissions and fees in support of these high-end investors, that’s a lot of data to mishandle.

To create a disk with 1.4GB of data (which equates to approximately 14,000 documents) is not an insignificant electronic litigation support task.

We learn from the New York Times that the unidentified “vendor” conducting the e-discovery process was thrown under the bus by Wells Fargo’s outside attorney, Turiano, in her email to Miller in which she addresses the error.

We went through a long process of a very large email review with an outside vendor with instructions on exclusion which was spot checked. Clearly there was some type of vendor error — which I am confirming now.

How e-discovery is supposed to work

For those unfamiliar with how the e-discovery process works within a large enterprises, let’s review. A request is made by opposing counsel – often in the form of a subpoena. The request is reviewed for appropriateness and scope, and then determination is made as to the existence of the data. Once the data is identified, if appropriate, the data is pulled and isolated.

Once isolated, a work copy is created (preserving the original) and then the data is painstakingly reviewed for applicability specific to the outstanding request.

Then the information is compiled and shared with the requesting party in the most secure manner available.

How it worked in this instance

In this instance, accepting Turiano’s explanation, the information was identified and isolated, and compiled. Indeed, she notes the process included a laborious email review and guidance provided to their vendor on exclusions. Then the information was “spot-checked”.

The non-excluded information was then copied to the disk (1.4GB) and provided to opposing counsel. The information, according to the NYT, which reviewed the data firsthand, includes customer names, social security numbers, financial details, portfolios and fees which the bank charged the clients.

Wells Fargo, damage control

Wells Fargo, once notified, went into crisis control mode, given that Miller’s client had shared the information with the NYT and has not return it to Turiano. Wells Fargo filed suit to compel the return of the information that had been mistakenly shared by their outside counsel, Turiano.

Wells Fargo then acknowledged the e-discovery error, saying:

We take the security and privacy of our customers’ information very seriously. Our goals are to ensure the data is not disseminated, that it is rapidly returned, and that we ensure the discovery process going forward in the cases is working as it should.

Does this happen often?

Thankfully it doesn’t, even though the e-discovery process is challenging for companies, regardless of size.

A high-profile case that  had its genesis in an inadvertent provision of material during the discovery process involved Hilton Hotels & Resorts Worldwide and Starwood Hotels in 2009-10. Hilton’s attorneys provided information to Starwood in support of a compensation case between a former Starwood employee, who was now a Hilton employee.

When the information arrived at Starwood, the team there discovered that the attorney had provided boxes of documents containing the entire plan for Starwood’s W-hotel concept. The ensuing corporate espionage case brought to a halt Hilton’s Denizen brand. The 100,000-plus documents stolen by the two departing Starwood employees were returned, and according to the New York times, Starwood received $75m in compensation and $75m in hotel management fees from Hilton.

The task of performing discovery within corporations is not for the faint of heart, especially in the age of electronic data. Use of third party-vendors and outside counsel is quite normal.

The ERDM (electronic records document management) requirements in support of litigation are arduous for companies of all sizes. While it is one thing to identify the existence of items germane to given litigation, it is another to process the information.

Companies would be well served to have in place an audit capability for both inside and outside counsel (and vendors) to ensure there is visibility into the ERDM and e-discovery process from beginning to end, with emphasis on accomplishing the process in the most secure manner possible.


2 Comments

Mr. Burgess. I feel compelled to correct a couple of absolutely inaccurate statements in your article. First, my name is Andrew, not Allen. Pretty basic stuff. More importantly, I don’t know where you got that I had shared the information with the NYT. So inaccurate at all levels you should be embarrassed. Check you sources Mr. Burgess. My client contacted the NYT and against my advise to the contrary…at least at that time. If your going to write a story, please get at least the facts right.
Andrew L Miller, Esq.

Mr. Miller, apologies, both for the typo of your name, absolutely basic and my attributing your client’s actions to you. I have adjusted the text to reflect that it was Mr. Sinderbrand who shared the information with the NYT.
Again, my sincere apology.
Christopher

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?