From
Send to

"블룸버그 단말기 이용자 메시지 인터넷에 유출"

May 15, 2013 - 09:52 By 윤민식

세계적 경제뉴스 전문매체 블룸버그통신이 고객 정보 무단 접근으로 곤욕을 치르는 가운데 이번에는 블룸버그 금융거래정보단말기 이용자 간의 사(私)적인 메시지 1만 건 이상이 인터넷에 유출된 것으로 드러났다.

영국 일간 파이낸셜타임스(FT)는 2009년과 2010년의 특정한 날 블룸버그 단말기를 통해 수십 개의 세계적 대형은행 직원과 고객들 사이에 오간 은밀한 메시지 목록 두 개가 지난 몇 년간 인터넷에 버젓이 공개돼 있었다고 14일 보도했다.

신문은 "이들 메시지는 그간 구글에서 간단한 검색을 통해 찾을 수 있었다"면서 "우리가 취재에 들어가자 지난 13일 삭제됐다"고 전했다.

유출된 자료에는 블룸버그 단말기 이용자의 실명과 이메일 주소, 거래 정보와 비밀스러운 금융가격 등이 담겨 있다.

이를 통해 블룸버그는 고객들이 채권과 신용부도스와프(CDS) 프리미엄을 비롯해 다른 금융상품에 얼마를 지출했는지를 알 수 있다.

2009년 8월25일의 한 메시지를 보면 한 대형 은행 직원이 기관투자가와 자산 매 니지먼트 그룹에 속한 세 명의 고객에게 자신이 ING 채권을 얼마에 팔았다는 정보를 제공한다.

같은 날 다른 메시지에서는 또 다른 은행의 직원이 브로커 딜러에게 한 고객이 독일텔레콤 채권을 얼마에 샀는지 알려준다.

블룸버그의 메시지 서비스는 이메일이 대중화되기 전 그 보안성과 실용성  때문 에 은행권에서 높은 평가를 받았다.

그러나 이런 긍정적인 평가는 어디까지 비밀이 보장된다는 전제하에서였다.

최근 블룸버그 기자들이 금융기관 등에 유료로 서비스되는 금융거래정보단말기 에 무단으로 접근해 취재에 활용한 사실이 들통나 파문이 이는 가운데, 고객의 메시지까지 유출됐다는 사실이 알려지면서 블룸버그의 신뢰도는 땅에 떨어졌다.

FT는 "이번 메시지 유출로 고객 데이터 비밀 보장에 대한 신뢰를 회복하려는 블 룸버그의 노력에 제동이 걸렸다"고 지적했다.

유출된 메시지는 당시 블룸버그 영업 매니저였던 스티브 라엔에 의해 인터넷에 올려졌다. 라엔은 고객 이익을 위해 데이터 분석을 하는 프로젝트를 진행 중이었다.

그는 보안사이트에 이 메시지를 올리려고 했던 것으로 보인다.

'메시지 스크랩핑'이라 불린 이 프로젝트는 장외에서 거래되는 금융상품에 대한 더 좋은 가격 정보를 얻으려고 고객들의 메시지를 샅샅이 뒤지는 것이었다.

이 메시지들은 시티그룹, 독일은행, 골드만삭스 HSBC, JP모건, 모건스탠리 등 글로벌은행들의 거래 정보를 포함한 비밀 자료들을 담고 있다.

2011년 3월 블룸버그를 퇴사한 라엔은 입장 표명을 거부했다.

블룸버그는 내부 시스템 밖에 자료를 올리려 한 것은 명백하게 사규를 위반한 것이라며 가능한 모든 법적인 대응을 고려하고 있다고 밝혔다.

이어 현재는 새로운 기술과 그런 정보들의 외부 유출을 방지하는 강화된 통제 시스템으로 인해 그러한 일이 발생하지 않는다고 강조했다.

한편, 블룸버그의 고객정보 무단접근에 대해 미국 연방준비제도가 조사에 착수되는 등 파문이 확산되고 있다.

이번 파문은 골드만삭스가 블룸버그의 기자들이 민감하고 취득하기 어려운 정보를 알고 있는 사실을 파악하고 블룸버그 측에 항의하면서 드러났다.

이에 대해 블룸버그통신의 매튜 윙클러 편집국장은 지난 13일 밤 홈페이지를 통 해 사과문을 게재했다.

윙클러 국장은 "2011년 이러한 개인정보 침해에 대해 인지했지만 지난달 골드만 삭스의 항의가 들어오기 전까지는 '구멍'을 메우는 데에는 실패했다"고 인정했다.

 

<관련 영문 기사>

Bloomberg exec apologizes amid new report of leaks

Financial data and news service Bloomberg LP moved to repair damage to its reputation Monday as a published report said that more than 10,000 of its clients' private messages containing sensitive pricing data had been leaked online.

The report came the same day Bloomberg News Editor-in-Chief Matthew Winkler apologized for the news service's practice of allowing its journalists to access data about how clients used the company's financial data services.

Reporters have had access to the data, Winkler said, since the 1990s but it was revoked last month after investment bank Goldman Sachs complained.

Bloomberg's data services provide financial-market information and news, an instant messaging program and trading platforms to users. The services, which are mainly accessed by way of the company's proprietary computer terminals, are widely used in the financial industry and beyond. More than 315,000 clients pay roughly $20,000 per year for the right to use them.

The mishaps involving Bloomberg's handling of what traders had thought was private information were seen as damaging but not insurmountable for the news juggernaut founded by New York City Mayor Michael Bloomberg in 1981.

Bloomberg LP and its rival Thomson Reuters Corp. each have around a 30 percent share of the $25.5 billion market for financial data and investment services, according to Douglas B. Taylor, founder and managing partner of Burton-Taylor International Consulting LLC, which tracks the industry. Bloomberg's annual revenue was $7.9 billion in 2012, about 85 percent of which was generated from terminal sales.

Because both companies have different strengths _ Bloomberg in debt markets and Thomson Reuters in foreign exchange _ Taylor said he doubts the latest incidents will spark mass cancellations among Bloomberg's clients.

Traders need to operate on platforms with the most active buyers and sellers in a given market.

“If you aren't a part of it, you could potentially end up executing transactions at less favorable prices,” he said.

Other observers shared the view.

“This is an embarrassment for Bloomberg, but I don't think it's likely to cause any significant disruptions in market share,” said Peter Appert, an analyst for investment bank Piper Jaffray & Co.

“Most large contracts are long-term and very sticky, so as long as Bloomberg goes into appropriate damage control (i.e. apologies, puts in safeguards etc.), we do not see a big shift in market share,” RBC Capital Markets analyst Drew McReynolds said in an email.

A spokeswoman for Bloomberg would not immediately confirm the leak reported by The Financial Times. The newspaper said Monday that messages between traders at dozens of large banks from one day in 2009 and one in 2010 had been put online by a former Bloomberg employee.

The Financial Times said it was possible the employee intended them to be uploaded to a secure site.

The company told the newspaper that the post was a “clear violation of our policies” and added that it is considering legal action.

Earlier Monday, Winkler apologized in an online post. He explained that journalists at Bloomberg News, until recently, had been able to see when clients last accessed their Bloomberg terminals. They were also able to view broad categories of functions that clients used, such as one that looks up credit ratings.

When a client enters a command such as “BANKS,” for example, the terminal brings up a table of credit default swap prices for 30 banks. Before the recent changes, a Bloomberg journalist would be able to see the most frequently used commands by a particular user in the past week.

Goldman Sachs had complained to Bloomberg management about the practice after a Bloomberg reporter told the company that she had used log-in data as a clue in her investigation into whether a Goldman employee had departed.

“Our client is right,” Winkler said in the post. “Our reporters should not have access to any data considered proprietary. I am sorry they did. The error is inexcusable.”

The Federal Reserve is looking into whether Bloomberg journalists tracked data about terminal usage by top Fed officials. In a brief statement Monday, the European Central Bank said it “takes the protection of confidentiality very seriously and our experts are in close contact with Bloomberg.”

Bloomberg News is owned by Bloomberg LP, a private company controlled by New York Mayor Michael Bloomberg, who is reported to own about an 85 percent share. The mayor is not involved in day-to-day decision-making at the company but he can be involved in such major things as asset sales or borrowing.

He declined to comment on the matter at an event Monday about the progress made cleaning up a polluted city canal.

“I can't say anything,” he said, invoking a longstanding city Conflict of Interest Board ruling that limits his involvement in the company. “You'd have to talk to the company.”

Although Bloomberg LP's main business is selling terminals to clients in the financial industry, its news service employs more than 2,400 journalists.

Bloomberg News reporters had also been able to see if subscribers had been looking at top news stories, or if they had been gathering data on stocks or bonds, but not which stories or bonds and stocks they had looked up, according to Bloomberg LP spokesman Ty Trippet.

He said reporters could also see if subscribers were using “message” or “chat” functions to send messages to each other over the terminals, but not the recipient of the messages or their content. Reporters were mostly getting contact information for subscribers, such as telephone numbers and email addresses, Trippet said.

Bloomberg cut journalists off from this type of access last month, after the Goldman complaint. In the posting Monday, Winkler drew a distinction between this type of data and “important” customer data, which he said has not been compromised.

Several investment banks and brokerage firms that use Bloomberg data services declined to comment Monday. Representatives for a couple of the firms voiced doubts that the revelations would change their firms' use of Bloomberg terminals.

Ethics and privacy experts roundly criticized the practice that had been in place for years.

Mark Rotenberg, executive director of the Electronic Privacy Information Center, said the breach was like giving unrelated people access to an individual's search history in Google.

“When people use services like Bloomberg, or for that matter, Google Search, information is retained for much longer than most people imagine,” he said. “That creates a privacy risk when information is disclosed to parties that really don't have a basis to get access to it.”

Caesar Andrews, a professor at the University of Nevada, Reno, Reynolds School of Journalism, said the accessing of client data by Bloomberg reporters was an inappropriate, clear-cut violation of basic ethics.

“It's not hard to imagine that companies will want some sturdy form of verification or assurance that this will no longer happen,” Andrews said. “I can't imagine companies are just going to shrug their shoulders and say, `this happens every now and again, let's move on.”' (AP)