How FinCEN Became a Honeypot for Sensitive Personal Data

Banking, Commercial, and Consumer Finance   |   Cybersecurity and Privacy   |   Technology   |   December 10, 2020
Share Share Page

Carlton Fields cybersecurity and privacy attorney Michael Yaeger was quoted in a CoinDesk article, “How FinCEN Became a Honeypot for Sensitive Personal Data,” regarding the retention issues related to the suspicious activity reports (SARs) filed by big banks to the U.S. Financial Crimes Enforcement Network (FinCEN).

FinCEN manages a database of SARs with detailed documentation of suspected instances of money laundering or fraud. These SARs can contain in-depth information about individuals. However, when hacks of the database occur, such as the recent, large leak of more than 2,000 reports, questions arise about how the government is handling the data and why the data is held on to for so long.

“I don’t think data retention is seriously thought about at the government level,” said Yaeger. “They specify how long they retain it at the bank level, but the government doesn’t. It’s not in the habit of destroying data.”

Yaeger also advised that the data could be a “honeypot,” or harmful in the wrong hands. 

“It’s a window into the financial system, and specifically things that are flagged as potentially illegal activity,” said Yaeger. “So whatever use it has, whether it’s individual criminals seeing ‘oh yeah they’re onto me’ or it’s blackmail material you could use against people, the limits are really just determined by your imagination.”

Read the article.

Subscribe to Publications

Media Inquiries

Contact the Media Team


The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.