Goldman Sachs asks Google to delete an accidentally sent email

We've all done this: While in a rush, you type a recipient's email address into the "to" line, then click send, only to realize that you accidentally pulled the wrong address from your contact list. When this happens to most people, they laugh it off and then send the message to the intended recipient. That plan doesn't work very well when you send confidential data.

A Goldman Sachs contractor found that out the hard way after accidentally sending confidential data to a Gmail.com account. The contractor was apparently testing changes to the bank's internal processes when the email was sent. The company has not identified what data was in the message, but Goldman Sachs quickly contacted Google and asked that the message be deleted.

Instead of deleting the message from the Gmail account, Google instead blocked access to the message. They also confirmed that the message had yet to actually been read, but they refuse to actually delete the email without a court order, a process that Goldman Sachs is currently undergoing.

This highlights the importance of encrypting confidential data before sending it out in email. Even if the message was sent to the proper recipient, email is a non-encrypted protocol, meaning anyone on the Internet can theoretically read anything that's sent out. The fact that a big bank is sending out emails with confidential data and without encryption is a little scarier than their request to have the email deleted.

Source: Reuters 1, Reuters 2 | Image via The Guardian

Report a problem with article
Previous Story

EA blames a 'system error' that charged $5 for demos

Next Story

Crisis in Crytek UK as employees stop going to work

36 Comments

Commenting is disabled on this article.

Good thing they asked a company that makes their living off spying on their customers emails to not let anyone see the highly sensitive data that was accidently sent out.

What could possibly go wrong with that plan.

xrobwx said,
I know this is rhetorical but, why not send out test content in a test e-mail? You know, like the word test. :)

Why would they do a thing like that? It's not like it's their own personal information they're dealing with. :D

Thrackerzod said,
I don't believe it was supposed to go out at all; they were testing their internal email.

Even worse. What kind of idiot uses sensitive customer info in a TEST?

adrynalyne said,

Even worse. What kind of idiot uses sensitive customer info in a TEST?

Are you talking about the same institution that gambles customers money to turn a profit or did I miss something? Banks man. :D

68k said,
'We've all done this:' I haven't!

Yeah i haven't done this either. What i have done was sending an 'i love you' short message to the wrong guy that shares the same gender with me.

Alansweeney said,

Yeah i haven't done this either. What i have done was sending an 'i love you' short message to the wrong guy that shares the same gender with me.

Best comment all week :)

Alansweeney said,

Yeah i haven't done this either. What i have done was sending an 'i love you' short message to the wrong guy that shares the same gender with me.

Did you get it sent to the right guy after you realized your mistake?

Enron said,
They should just click the Unsend button.

Not sure about what software GS is using but in Exchange only works if the email has not been opened and quite sporadically as well.
What I would expect for an email containing confidential information is to be encrypted.

Cnónna said,
bet the would love to have the old AOL unsend Email button :D :/
An unsend button would be useless. The message could have been read and saved within seconds on the other end.

Outlook has a retrieve sent message button, which basically notifies the receiver that the sender would like you to ignore/delete the previous message sent. It does nothing else.

Cnónna said,
bet the would love to have the old AOL unsend Email button :D :/

I saw the funny side. Shame Buzz Killington and his mate didn't. Oops.

This has more details than the first account I read.
Email is unread...blocked...but not deleted.
GS just wants it deleted as well.
Makes more sense now.

"The fact that a big bank is sending out emails with confidential data and without encryption is a little scarier than their request to have the email deleted."

What's more concerning is that a bank of this size is using gmail to send out email.

uxo22 said,
"The fact that a big bank is sending out emails with confidential data and without encryption is a little scarier than their request to have the email deleted."

What's more concerning is that a bank of this size is using gmail to send out email.


No, they accidentally sent it TO a Gmail account, not FROM one.

Fezmid said,

No, they accidentally sent it TO a Gmail account, not FROM one.

Oh, I see now. Thanks Fezmid, thanks for clearing that up for me.

What is not told in this story but you can read it in other sources, this email was supposed to be an internal mail. In other words it was supposed to go to johnsmith@gs.com but went to johnsmith@gmail.com

Otherwise, financial institutions do not send you confidential information by email.

Are they not up on how the internet works yet?
-
and sure while it is possible for google to delete a mistakenly sent email if asked, it still sets a bad example and privacy issues(when comes to the recipient). there are points when mistakes are you're own darn fault and they can't be undone

Google blocking access to me is an overstep

Edited by dingl_, Jul 4 2014, 11:06pm :

dingl_ said,
Are they not up on how the internet works yet?
-
and sure while it is possible for google to delete a mistakenly sent email if asked, it still sets a bad example and privacy issues(when comes to the recipient). there are points when mistakes are you're own darn fault and they can't be undone

Google blocking access to me is an overstep

It was an email that wasn't suppose to be sent to that user. Do you open mail that is set to your address that isn't actually for you?

This is more akin to having something delivered to you... Hey its directed at you, your Inbox, your address only to open said package and find out its contents are not what you ordered.

HA in fact this did happen to me, Box posted to me, inside the box were two other boxes with another dudes name on them I was bewildered and opened the boxes anyway(car parts- he and I had ordered car parts, only mine were nowhere to be found) I assumed my parts were posted to him.

Now, while its sad GS posted their stuff to some random guy, whats even sadder is google crawling through the inbox of some random guy and blocking his contents based on info provided to them by GS. that is f--ked.
That random user should he so choose on his own accord could kindly get in touch with GS and talk to them, maybe they can get him to sign some XX year long NDA.

Email of course is a little different, GS sent content to that user, In my mind that user now owns that content- or at the very least he owns the knowledge of that email

Dinggus said,

It was an email that wasn't suppose to be sent to that user. Do you open mail that is set to your address that isn't actually for you?

talking about the theory, if I am a company, replying to a customer regarding a dispute and later I find out I have sent a data via an email to the customer or the person which would be used against me in court, all I have to do is ask google, since I send the email, please block it ??

This is not right, since how to distinguish the actual motive ??

May be in this case, its totally unrelated, but if it becomes a practice, in which a company can simple claim an email is sent by mistake and email service provider will comply with that without any investigation, in that case its frightening for me.,

But hey, as soon as the email reaches the users box, it is his property also.. he to has some rights over it, so how can that be blocked without his consent ??

AtriusNY said,
@dingl_, how do you know the recipient was a he?

dingl_ said,
Box posted to me, inside the box were two other boxes with another *dudes* name on them

Dinggus said,

It was an email that wasn't suppose to be sent to that user. Do you open mail that is set to your address that isn't actually for you?

Absolutely. So did my scumlord. I contacted my post office (canada post) Who told me nothing can really be done if its opened and read, as it was delivered to the address correctly. I presume with wrong delivery (like neighbors mail, wrong civic) there could be action against the post office, but not likely against you because you don't intend to be delivered someone elses mail and probably don't verify the name/address before ripping into it. My question was about a rental property I moved out of and filed a dispute with the landlord, so the tenancy board mailed the documents to my old address, which ironically the landlord had moved into the unit - because he was a scumlord. Not one thing I could do as it was addressed there regardless of the name it was addressed to. Maybe other countries are different.