Risks of Consolidation
Consolidating account information in a single service is appealing - log into one place and get a snap shot of your financial state. Sounds good in theory, but the practice went wrong for Rudder, a free personal financial service.
TechCrunch reports that several hundred users received consolidated email reports that included their statements as well as the statements of other users. Rudder made a change to its outgoing emails to use avoid being categorized as spam by Yahoo! mail
But for some reason, "instead of separating the emails, it appended them together," explains Somaiya [Rudder Chief Financial Officer]. So those 732 users received not only their own financial updates, but also all of the updates from the appended accounts.
Data leak and data breaches stories are common. Today it is a story about accidental disclosure via email. Another day it could be a data breach by outside attackers. Still some other day it could be a disgruntled employee stealing data to sell on the grey market. Consolidating financial information raises the stakes when data leaks occur.
Rudder took steps to build customer trust, like participating in Verisign Secured and McAfee Secure programs. It's unfortunate how quickly those steps can be undermined by a single event. In a business that consolidates financial information, it isn't enough to protect confidentiality 99.9% of the time, it's all or nothing when it comes to customer trust.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
