© The Financial Times Ltd 2014 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
Last updated: May 14, 2013 3:58 am
More than ten thousand private messages sent between users of Bloomberg’s financial terminals have leaked online, undermining the company’s attempts to restore faith in its ability to keep client data confidential as it scrambles to allay clients’ privacy concerns.
Two long lists showing confidential Bloomberg messages between traders at dozens of the world’s largest banks and their clients have been online for several years, the Financial Times has learnt.
The documents from one particular day in 2009 and also from 2010, contain messages sent in by clients so Bloomberg could extract price data for their use on bonds, credit default swaps and other financial products from traders’ messages.
The messages had been found, a financial markets professional said, through a simple Google search. They were taken down from the internet on Monday, after the FT inquired about them.
They showed information such as unique Bloomberg user identifiers, real names and traders’ email addresses as well as confidential financial price information and trading activity.
“This work was done with client consent, where emails were explicitly forwarded to us to a dedicated email account and released by the person responsible for the email so that we could conduct internal testing to improve our technology for the client,” a Bloomberg spokesman said.
The apparently accidental leak threatens to unnerve Bloomberg’s clients, however, only days after the unrelated revelation that Goldman Sachs had complained that the news organisation’s journalists had been able to track when users accessed their terminals and which functions they used.
On Tuesday, the Bank of Japan became the latest central bank to contact Bloomberg over the issue, joining the European Central Bank and Germany’s Bundesbank. The Federal Reserve, the US Treasury and JPMorgan Chase are also among about 20 clients who have raised questions since news of Goldman’s formal complaint leaked last week.
Also on Tuesday, the Hong Kong Monetary Authority said it was “aware of the incident and is looking into the matter” but declined to comment further.
European authorities’ comments followed Bloomberg’s second attempt to draw a line under the reputational crisis. In a Sunday night online editorial, Matthew Winkler, editor-in-chief of Bloomberg News, apologised and described the fact that reporters had access to certain client information as “inexcusable”.
Dan Doctoroff, Bloomberg’s chief executive, started a blog on Monday night, saying that he and his executives had contacted more than 300 clients since privacy concerns emerged last week.
“We started each conversation with an apology for our mistake. We’ve listened carefully and also explained the very specific and limited nature of the data our reporters were able to access,” he said. “We’re grateful for the understanding our clients have shown.”
Bloomberg’s messaging service, which it pioneered before email was commonly used, is highly prized by banks for its security and functionality.
The leaked messages were uploaded to the internet by Steve Raaen, then a Bloomberg employee, while he was working for the company on a data-mining project for clients’ benefit. It is believed he intended to to upload them to a secure site.
Mr Raaen, who left Bloomberg in March 2011, declined to comment.
Bloomberg said use of such emails outside its system “would have been a clear violation of our policies” and it was considering “all potential legal” actions. Such a breach could not happen now, it added, due to new technology and “upgraded” controls that would prevent such information leaving its system.
The project on behalf of Bloomberg clients, called “message scraping”, entailed Mr Raaen, a business manager, combing through traders’ messages to get better pricing information on financial products that are traded over the counter.
The messages included trade information and other confidential details from global banks including Barclays, Citigroup, Deutsche Bank, Goldman, HSBC, Nomura, JPMorgan and Morgan Stanley.
In one message from August 25 2009, a trader at a large bank passed on the information to three of his clients at institutional investors and asset management groups that he had sold $2m ING bonds at a price of $56 each: “LIFTED 2MM INTNED 8.439 $56, 2.75MM LEFT THERE.”
In another message on the same day, a trader at another bank passed on information to a broker dealer about the price a client was paying for Deutsche Telekom bonds: “DT 6⅝ 3/18 . . . BUYER €5M PAYING B+250 Z+130.”
Mr Winkler in his editorial echoed an earlier statement from Mr Doctoroff, saying the company had “never compromised the integrity of that data in our reporting”.
Bloomberg News has not written about the privacy concerns, citing a policy that it does not cover its own company.
Mr Winkler’s editorial followed news that Bloomberg knew in 2011 about the privacy issue, but failed to close the loophole until Goldman’s complaint in April.
Additional reporting by Martin Stabe in London, Michael Steen and James Wilson in Frankfurt, Paul J Davies in Hong Kong and Jonathan Soble in Tokyo
Copyright The Financial Times Limited 2014. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.