Bank of America Says Web Breach Was Tiny

Some Bank of America Corp. customers saw other people's transaction details through online banking, a report said, but the company insisted that no fraudulent activity resulted.

Jalopnik, an automobile news website owned by Gawker Media, reported last weekend that a small number of customers were seeing the account information of other customers when they logged in to B of A's website.

A spokeswoman for the Charlotte, N.C., banking company would not discuss details of what customers saw or what caused the problem but called it an "isolated issue that's been resolved."

"They had problems accessing their online accounts," the spokeswoman said. "There were no reports of fraud as a result of this incident. We worked with the impacted customers to ensure their information is protected."

"Online banking was up and running 100%" during Saturday's incidents, which lasted from about 4:30 to 10:30 p.m. Eastern time, she said.

Jalopnik reported that, when one customer logged in to her account seeking information on her credit card, she saw information pertaining to the mortgage and home equity account of a different person with the same last name. Online security expert James Van Dyke said that, though such incidents are rare, it is not surprising that they occur given the amount of data that a bank's servers handle.

"You're relying on very specific instructions to take data from here and give it to this specific person," said Van Dyke, the president of Javelin Strategy and Research in Pleasanton, Calif. "A server can serve up the wrong data from the wrong database if the slightest instruction … communicates the wrong request," he added.

A similar situation involving AT&T Inc. occurred last June when customers of the wireless carrier logged in to their accounts to preorder Apple Inc.'s iPhone 4. Some people saw other customers' information instead of their own. AT&T at the time said people were not able to see other customers' Social Security or credit card numbers.

The silver lining of such incidents is that companies are "very likely" to be able to retrace what happened and identify which customers and which records were affected, Van Dyke said.

"Unfortunately it's bound to happen," he said. "If you have data, you will have an occasional small-scale breach. It's just going to happen. It becomes primarily about what do you do to" identify the cause, work with customers to rectify any losses and take steps to avoid large-scale breaches.
