Ally Bank, a popular online financial institution, leaked user names and passwords in the clear to third-party marketing partners. They took over 2 months to notify customers of the breach and have so far refused to name who the data was leaked to. Companies we entrust with our data (and money) need to do better.
Senate Majority Leader Bob Duff (D-Norwalk), Senator James Maroney (D-Milford), Senator Norm Needleman (D-Essex), and State Representative David Arconti (D-Danbury) voiced their disapproval to the ongoing details of the Ally Bank data leak. Recently, Ally Bank leaked user names and passwords to third-party marketing partners. It took the company two months to notify customers of the breach and continue to refuse to name who the data was leaked to.
Data leaks such as this one have become more commonplace. According to Risk Based Security, the number of records exposed increased to 36 billion in 2020 and there were 2,935 publicly reported breaches in the first three quarters of 2020.
“The decisions made by Ally Bank in this situation seem to have been made by committee and without urgency – when customers may face serious personal harm because of them,” said Sen. Needleman, Senate Chair of the Energy & Technology Committee.
When phishing and cyber vulnerability continue to grow as threats in the modern day, it’s a serious lapse of judgment for Ally to slow-walk such a precarious situation. This cannot become a regular occurrence.