By Cyrus Sanati
FORTUNE -- Bloomberg LP must go further to ensure their customers' sensitive data is truly secure. The company dodged a bullet last week as traders on Wall Street and in the City of London shrugged off reports that Bloomberg News journalists had access to a number of seemingly benign customer data points. But reports that confidential client messages exchanged over Bloomberg terminals had been accidentally posted online by the company have raised a fair share of eyebrows across the financial community and could ultimately threaten Bloomberg's main business, its terminal sales.
The Bloomberg terminal is an indispensable data and research tool used by the financial community to monitor the markets. One can do everything from see the pricing curve of some esoteric security, to checking airline flight prices, to reading and watching financial news. With subscription fees at around $20,000 a year per user, the terminal is also the firm's main revenue generator.
The terminal is used differently by each silo of the Street. Bloomberg sales teams have a function <UUID> to monitor what their users are looking at to determine best how to structure and sell their product to each of these disparate silos. It had been around since the company's founding 30 years ago.
But news last week that journalists at Bloomberg's massive news division were using the function to snoop on financial professionals -- from investment bankers to the Chairmen of the Federal Reserve -- alarmed the media and the government. The information available to journalists, though, turned out to be relatively benign. Apparently UUID can show information on which of the 15,000 functions their clients were using along with statistics on when they last logged in.
"Nobody really cared that much that the Bloomberg reporters could see that stuff," a trader who works at a large asset management firm in London told Fortune. "It was always assumed that they could see it as some guys on the desk would start to receive calls from the Bloomberg reporters the second they logged in."
The company said on Friday that its reporters never had access to sensitive information like "securities-level data, position data [or] trading data." Bloomberg said it had cut its employees off from accessing the UUID function last month after Goldman Sachs (GS) complained that a reporter had been using the data to check on the whereabouts of a Goldman employee who hadn't logged into his terminal in some time. The company also said it was appointing a senior executive who would be "responsible for reviewing and, if necessary, enhancing protocols which among other things will continue to ensure that our news operations never have access to confidential customer data."
The Bloomberg drama would have probably ended there. The bulk of the traders and bankers Fortune spoke to over the weekend concerning this story said that the snooping scandal had become more important to journalists than the greater financial community.
But then came word Monday that a trove of Bloomberg messaging data had been found online. The data was old but contained user info, trading data, and sensitive communications between bankers, traders, and their clients. Bloomberg messenger is an email and instant messaging program. A great deal of trading and price discovery goes on in these chats -- especially in the opaque over-the-counter market. It is where essentially large parts of the financial industry conduct the bulk of their business. Bids and offers are sent between brokers and buy-side professionals, and deals are sealed all on Bloomberg chat. Bloomberg actively scans messages to help its customers seemingly keep records of their bids and offers.
"They have a system to capture your broker runs in Bloomberg and feed through into Excel," one fixed income trader told Fortune. "These runs come in every two seconds so it's a priceless tool for us."
Bloomberg employs an army of "message mining analysts" who, according to a recent job placement advertisement picked up by the Financial Times, "are responsible for ensuring that price information across Bonds, CDS, Loans and Mortgage products are properly picked up from individual messages and returned back to the client."
The key here is "returned back to the client." But with the cache of messages that were recently found online, some traders are concerned that their data isn't being handled properly and could fall into the wrong hands. There is also concern that the company may be using that information to help Bloomberg Tradebook or Bloomberg Pool, the company's growing broker-dealer and dark pool trading outfits, to gain an informational advantage over their clients.
"We give Bloomberg authorization to scan the runs but not to scan our deals," one American trader told Fortune. "If they were using that data to help their broker-dealer front-run us then I'd never use the messenger service and go back to doing all my deals on the phone."
Bloomberg's chat and messaging function is one of the stickiest parts of its terminal business as it is seen as a necessary component for various silos of the street to conduct business, especially in the fixed-income market, where the vast majority of trades are done over the counter as opposed to on an exchange. If traders go back to using the phone or start using another platform they deem to be more secure than Bloomberg messenger, then the company could see a huge drop in subscriptions. Traders in the oil and gas space, for example, never took to using Bloomberg messenger to conduct OTC trades; rather, they have always used Yahoo's free messaging system. So while Bloomberg messenger may be sticky, it isn't super glue.
Bloomberg said its clients voluntarily handed over the information, which was summarily posted online by accident several years ago. The company said it gathered the data for internal testing to improve its technology. Nevertheless the posting of the data combined with the snooping scandal has made a number of financial professionals uneasy.
"That's terrible," one hedge fund professional said upon learning that that trading data had been posted online. "If someone could see my IM [instant messages] and front-run my trades it would be a disaster."
There is also concern that Bloomberg could lose control of private text messages sent over Bloomberg chat. Financial professionals use the chat not just for trading and business but also to talk smack about everything from their bosses to their clients.
"Legal liability is a concern," a Wall Street trader told Fortune. "Nobody wants to be quoted talking about 'muppets.'" By "muppets" the trader was referring to an insult that Goldman Sachs employees in London supposedly use to describe gullible clients.
"Bloomberg itself has no right or place to use and misuse that information," a buy-side trader told Fortune. "I am vehemently opposed to this, and I think there can be very little dispute on this matter."
It could take just one broker-dealer to make the move from Bloomberg to one of its data rivals, like Thomson Reuters, to start a huge earthquake in the industry. Reuters's new Eikon terminal -- dubbed the "Bloomberg Killer" -- is arguably more user-friendly than the Bloomberg terminal and its 15,000 esoteric function codes.
So what should Bloomberg do? Apologies can get the company so far. As such, it should take bigger steps to ensure that Bloomberg's various businesses aren't sharing information both with the public and with each other. Bloomberg says it has beefed up its security measures since the trading data was posted online several years ago. But more can be done. Some traders have suggested that so-called Chinese Walls be erected around Bloomberg's various business units to prevent cross-contamination of information. Large banks have such walls erected between their investment banking and research departments. Allowing regulators or some sort of independent auditor to review, approve, and report on their security measures would also go a long way in the eyes of some traders.
"Bloomberg offers a fantastic service. and I feel if they come out strongly to assure their users this won't happen again and steps are being taken, I expect it to die down," one trader in London told Fortune. "But most commentary suggests this could plague them for some time to come -- which camp turns out to be right will largely depend on the strength of the Bloomberg response."
Softbank's deal to buy Spring is big. But just how big?
FORTUNE -- Japan's Softbank Corp. today confirmed that it will buy a 70% stake in Sprint Nextel Corp. (S), America's third-largest mobile carrier, for approximately $20.1 billion.
It's the second larger merger announcement of 2012, following mining company Xstrata PLC's proposed $33 billion tie-up with commodities group Glencore. And it is by far the year's largest tech merger, leaving deals like Facebook's MOREDan Primack - Oct 15, 2012 11:35 AM ET
Chris Ahearn signs on with FirstMark Capital.
FORTUNE -- Former media and banking executive Chris Ahearn has quietly joined FirstMark Capital as a venture partner. No mention of this yet on the FirstMark website, although Ahearn already is repping the New York-based VC firm on the board of portfolio company NewsCred.
Ahearn is the former president of Reuters Media, a unit of Thomson Reuters (TRI), where he was known for his vocal embrace MOREDan Primack - Jun 20, 2012 12:20 PM ET
Media giant Thomson Reuters (TRI) today announced that it will acquire World-Check, a London-based provider of financial crime and corruption prevention information for businesses. The sellers are private equity firms Spectrum Equity Investors and HarbourVest Partners, which acquired World-Check in April 2007. Spectrum holds the larger piece.
No financial terms were disclosed, but a source familiar with the deal says the sale price was around $530 million. That represents around a 3.5x return MOREDan Primack - May 17, 2011 10:13 AM ET
Interview by Shelley DuBois, reporter
Valero 's (VLO) William Klesse is coming up on his fifth year as CEO, where he's worked for over 40 years. He offers some insight about how his company and the energy sector have navigated the recession, and why refining companies like Valero behave differently in the market than companies that also do exploring and refining, like BP. Klesse also talks about what energy sector investors MOREDec 28, 2010 12:49 PM ET
Who's keeping Wall Street in business? You are.
The U.S. government has been the biggest fee payer to global investment banks in the first nine months of 2010, Thomson Reuters said Wednesday in its quarterly fee review.
The United States shelled out $1.15 billion in fees, mostly on bond offerings by the government-run mortgage companies Fannie Mae (FNMA) and Freddie Mac (FMCC), Thomson Reuters said.
Your generosity is no doubt well appreciated, given MOREColin Barr - Oct 6, 2010 12:14 PM ET
|Make $30 an hour, no bachelor's degree required|
|McDonald's gives Charles Ramsey free food for a year|
|The 'chicken poop' credit and other bad tax breaks|
|Why Waze is a hot takeover target|
|Where your donation dollars go|