Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


More On

Wells Fargo investigated for possible data breach

Connecticut AG looking into whether company improperly disclosed customers’ Social Security numbers

Nothing says “Happy New Year!” like an investigation from the attorney general. Such is the reality for Wells Fargo & Co., which now must explain to Connecticut Attorney General George Jepsen why it may have disclosed customers’ Social Security numbers when it mailed them copies of subpoenas issued by the state Department of Social Services (DSS) as part of a fraud investigation.

The potential breach is just part of a larger probe by the Connecticut DSS into whether state employees falsified financial information for food benefits issued in the wake of Hurricane Irene in August 2011. Improper disclosure of Social Security numbers by individuals or entities without redaction is a violation of state law.

“My initial review suggests that neither Connecticut nor federal law required Wells to disclose DSS’s subpoenas to the customers whose records were sought therein,” Jepsen wrote in a letter to James Strother, Wells Fargo’s senior executive vice president and general counsel. “Nor am I aware of any reason to conclude that Wells was prohibited from redacting other individuals’ information from subpoenas it chose to disclose to customers.”

The AG’s office reports that 130 Social Security numbers, along with identifying information, were included on at least two subpoenas issued to Wells Fargo. The financial services firm purportedly then passed on copies of the subpoenas to its customers without redacting any of that personal information.

Jepsen also requested in the letter, dated Jan. 4, that Wells Fargo respond by next week.

“It is vital that you provide further information to my office concerning this matter so that I may determine the appropriateness of Wells’ conduct and whether Wells must provide affected individuals with protections against identity theft or other harms,” Jepsen wrote.

If a breach did occur, Jepsen wrote that he would ask the company to provide credit monitoring, identity theft insurance and security freeze reimbursement to the affected customers.

A Wells Fargo spokesman told Reuters that its “focus is on its customers and other individuals who were affected,” and that it will offer them the option of signing up for identity theft protection.

Join the Conversation

Advertisement. Closing in 15 seconds.