In an e-mail message sent Monday to alert customers that its banking system would be out of service for maintenance this weekend, Bank of the West included the e-mail addresses of more than 3,300 of its customers in the "To" field, company spokesman John Stafford confirmed Tuesday. Stafford said the company mistakenly placed the e-mail addresses in the "To" field instead of masking them by placing them in the blind carbon copy (BCC) field.
"It was an inadvertent mistake," Stafford said.
Bank of the West e-mailed affected customers Tuesday to apologize for the error.
"We deeply regret that due to a human error your e-mail address was not masked. We have put the necessary procedures in place to make sure that this will not happen again," the company said in a note to customers. "We sincerely apologize for any inconvenience that this may have caused you."
Bank of the West is only the latest in a long line of companies whose sites have exposed customers' e-mail addresses and other sensitive personal information due to mistakes, system glitches or hacker attacks. Last year, a hacker attack at Amazon.com-owned book service Bibliofindnearly 100,000 customers? records, including their credit card numbers.
Two years ago, Ikea closed down its Web site temporarily after a problem on its sitethe names, addresses, phone numbers and e-mail addresses of tens of thousands of customers who had ordered catalogs from the home furnishings retailer. Several years ago, and made mistakes similar to Bank of the West's, exposing thousands of customers' e-mail addresses.
The confidentiality of e-mail addresses has become a more pressing concern in recent years as the amount of spam, or unsolicited e-mail, has skyrocketed. Although spammers can buy millions of e-mail addresses on a CD, many of the addresses are stale or wrong. In contrast, a list of good, confirmed addresses, especially those of a specific interest group, such as the Bank of the West customer base, is valuable.
Bank of the West sent its initial e-mail to customers who connect to its online banking service via Microsoft Money or Intuit's Quicken, Stafford said. The company was concerned that those customers wouldn't see an announcement about upcoming downtime posted on Bank of the West's Web site, he said. The company discovered Monday afternoon that the e-mail had exposed those customers' e-mail addresses, he added.