Legal analysts, consultants and others are reacting to the newsthat an attorney working with Wells Fargo shared private information tied to more than50,000 clients and advisors with a former Wells Fargo advisor.

Though the bank insists the leak of information was“inadvertent” and was caused by human error, not by a systemwidedata breach, outsiders say the matter is extremely serious andrequires significant changes in how the bank conducts business.

“Wells Fargo has made a monumental error,” said William H.Byrnes, an attorney who teaches at the Texas A&M School of Law,in an interview. “We’re now at the point where regulators havebecome involved over federal and state privacy concerns.”

There are cybersecurity concerns as well, says Byrnes.

“This raises red flags to me,” he said. “Was [the data] sentsecurely to or by the attorney? We are talking about Wells Fargo’sconfidential information being sent [between different parties].How did they do this via a third party? Was it sent securely to[their own outside] attorney” before it was shared it with theother side’s lawyer?”

The data was seen earlier in July by Gary Sinderbrand, a formermanaging director at Wells Fargo Advisors, who is involved in twolawsuits against his older brother Steven Sinderbrand, amanaging director employed at Wells Fargo.

When data is passed on and shared with individuals like GarySinderbrand, for instance, it has not been properly secured, Byrnespoints out, and “it seems like negligence.”

“This guy has a hammer … and can get [Wells Fargo] to the table”with it, Byrnes explained. “Who knows where [the privateinformation] got siphoned off in the chain.”

Other observers agree.

“This feels sloppy at two levels,” explained Chip Roame, head ofTiburon Strategic Advisors, in an interview.

First, “I find it surprising how much apparently unrelatedinformation was given to Wells’ own law firm,” Roame said. Thenthat firm passed it on to the plaintiff’s law firm.

“Such broad sharing seems like it will always lead to issues,”the consultant explained.

For its part, Wells Fargo says it is “taking swift legal actionto ensure client data, which was inadvertently released to a lawyeras the result of a subpoena, is returned immediately.” In addition,the bank is “seeking to prohibit the data from being disseminated,”it says, as it takes the security and privacy of client information“very seriously.”

Corporate Matters

The fact that the data leak comes less than a year after WellsFargo agreed to pay fines of about $185 million over up to 2million fake accounts, also concerns Byrnes and Roame.

“We know that when a female bank manager said something wasgoing on at the branch,” she was fired, Brynes said. “And she wasnot saying anything about what was going on at other parts of thebank,” even though the fake-accounts issue was widespread.

On Friday, however, the Labor Department ordered her to berehired and required Wells Fargo to give her back pay of some$570,000.

“If a problem occurs once, I have to think it can besystematic,” Byrnes said. “I have to image that Wells Fargo issending out [more data] without a protocol for this informationbeing in place or it would have been secured” or locked.

The latest news, he adds, “does not make you feel comfortablewith Wells Fargo,” he added.

Roame concurs.

“This feels extremely sloppy,” the consultant said. “I knowWells has made some recent moves to simplify its businesses andmaybe that is an acknowledgement of its unwieldiness.”

For Byrnes, there are serious issues left to confront at theinstitution. “No one expect banks to unilaterally be sendingout your information. You expect they are being probed [by hackers]and are doing their best to defend your data,” he explained.

For both the clients and their advisors, “This is not what theysigned up for,” the attorney said.

He fears the information that has already been divulged could beleaked further.

“Wells Fargo has not learned [from its issues] and does not seemto have protocols in place. This is systemic,” Byrnes explained.“They are not getting their compliance in order.”

Beyond its systems, the corporate culture also must change, hesays, so that the company allows for feedback that can then be usedto fix problems.

“No one who brings attention to problems should be afraid” ofretaliation, Byrnes explained. “This will likely play itself out inother ways … and then they will finally get it.”