-
Speculation that document-disclosing website WikiLeaks has sensitive data about Bank of America Corp. drove banking stocks lower on Tuesday, though the sector recovered in an afternoon rally.
November 30
The leak of supposedly damaging documents by a former Bank of America Corp. employee through an online hacker group appears, at least for now, to be anticlimactic.
But the attention the leaked e-mails received on Internet sites and in the media Monday is a stark reminder of just how vulnerable an organization can be to targeted attacks on its reputation — whether substantial or not.
"I would think that even as insignificant as these e-mails might appear, the public's trust level has gone down with the bank," said Scott Mills, president of the William Mills Agency, a PR firm focusing on the financial services industry. "When documents are leaked, there is breach in trust."
The documents that were posted by a group of hackers that goes by the name Anonymous include images of a handful of e-mails among employees of Balboa Insurance Group, a provider of force-placed insurance that B of A sold recently to QBE Group of Australia. Bank of America inherited Balboa from its 2008 takeover of Countrywide Financial Corp.
The e-mails appear to deal with an unspecified error relating to several dozen GMAC loan files being processed by a Balboa office. In correspondence from late last year, a Joanne Anderson tells colleagues that the company cannot erase certain document images from the Rembrandt loan-processing software that it uses.
What can be done, she says she was told, is to remove the loan numbers, "so the documents will not show as matched to those loans," a process a senior employee approves.
According to an e-mail from another employee, Jason Vaughn, stripping this information will leave a "huge red flag for auditors." Vaughn goes on to ask, "What am I missing? This just doesn't seem right to me."
The e-mails were published at www.bankofamericasuck.com. A writer to the website, who describes himself or herself as an ex-employee, claims to have provided them.
Even with the attempted explanation that accompanies the e-mails, a clear sense of their meaning or importance is lacking. However, the writer calls them a "smoking gun."
A blogger, who identified himself as Brian Penny, an insurance tracking division employee at Balboa until January, took credit on another site for leaking the e-mails.
A spokesman for B of A said Monday in an e-mail to American Banker that the company is "aware that a former Balboa Insurance Group employee is trying to generate interest in non-foreclosure-related clerical and administrative documents that he stole from the company."
"We are confident that his extravagant assertions are untrue," the spokesman wrote.
Some bank analysts had trouble deciphering what exactly the e-mails reveal that could be construed as fraudulent.
"We need further clarification," Paul Miller, an analyst at FBR Capital Markets, said.
Others dismissed the leaked e-mails as entirely trivial.
"This is nothing," said Richard Bove, an analyst at Rochdale Securities Inc. who follows B of A. "This whole thing is just a whining employee that is trying to make some news. If this is the best they've got, they've got nothing."
Chris Whalen, of Institutional Risk Analytics, agreed, saying the posting of the e-mails "is not news."
"These people have no credibility," he added, referring to both the ex-employee and the hacker group.
Investors, too, seemed unfazed by the latest revelation. B of A shares were down 1%, on a day the markets fell broadly..
"If this was a slow news week and this came out, I think the potential downside for the bank would be much greater," Mills said. "I think we're being slightly desensitized toward data breaches because we're hearing about it a lot more. So it's possible that another worse infraction will pop up, and this will be just a minor blip on the radar."
There certainly is the possibility that more damaging documents related to B of A are yet to come. The e-mails released Monday apparently are unrelated to the trove of internal bank files that WikiLeaks has claimed to possess. WikiLeaks gained notoriety for its publication late last year of secret State Department communications.
Its founder, Julian Assange, has said he has obtained internal documents from a major bank that would likely spark "investigations and reforms."
The threat of that disclosure, announced in November, helped wipe out $3.6 billion of B of A's market capitalization, due to speculation that the bank in question was B of A.
But two days later, B of A's stock had more than fully recovered that hit.
B of A chief executive Brian Moynihan said in an interview last week that the company is fully prepared to deal with any WikiLeaks disclosures.
If anything, experts say the hype over these types of leaks says more about the groups leaking the information than the organizations that they purport to have dirt on.
"Everybody wants their 15 minutes of fame and that's what the hackers who do this sort of thing, that's what they're after," said Michael Benoit, a partner at law firm Hudson Cook who represents banks. "They want to do damage for whatever reason. They may not personally take credit for it, but in their minds that's what they did."
Anonymous is the moniker attached to a loosely connected group of hackers and activists who in recent months have been more focused on the financial space. Last year, they briefly managed to take down major credit card company websites in retaliation for the companies' decision to shut down online donations to WikiLeaks. Often justifying their actions as a defense of free speech, their other targets have included security firm HBGary Federal and the Church of Scientology.
There may be more e-mails on the way, however, that could give clarity to the first batch, and potentially reveal missteps in the bank's processing of documents.
"I also need to keep a few aces for my inevitable years of litigation for what I'm doing," the ex-employee wrote on www.bankofamericasuck.com. "I have no income and no way of monetizing this yet, so I have to keep at least a little something for myself. That e-mail is enough to crack their armor."
