Do You Know Your Data is Secure After ‘Secure Disposal’?

When it comes to safeguarding personal and financial data, the process doesn’t end when the information is no longer needed. Recent events at Bank of America (BoA) have highlighted a growing concern about the vulnerability of sensitive information even after it has been sent for secure destruction.

Data Disposal Vulnerabilities

A potential data security breach has put the spotlight on the risks associated with third-party document disposal services and the importance of ensuring robust security throughout the entire lifecycle of data handling, from collection to disposal.

In December 2024, BoA reported an incident where confidential documents were found unsecured outside their Financial Centre after being handled by a third-party document destruction provider. While the breach took place at the end of last year, details have come to light in 2025 as the bank began notifying potentially affected customers and offering identity protection support.

The breach occurred due to inadequate handling of materials sent for secure disposal, leaving customer data exposed to potential threats. Among the information left vulnerable were not just contact details, such as names, addresses, and phone numbers, but also protected personal data, including Social Security numbers, dates of birth, and government-issued IDs.

Repeated Incidents Highlight Security Gaps

This breach is the second such incident BoA has faced involving a third-party vendor. Back in January 2024, a similar mishap put the personal data of over 400 customers at risk. While it’s still unclear how many individuals were affected by the latest breach, at least two customers have been identified, prompting BoA to offer complimentary identity theft protection services to those impacted.

These breaches raise important questions about the reliability of third-party service providers and the potential gaps in security during the data destruction process. Secure disposal is not just about handling physical documents properly; it involves ensuring that data remains protected at every step.

How AJC Can Help Businesses Improve Their Data Protection Protocols

At AJC, we understand that data security is a top priority for any organisation, especially when sensitive customer data is involved. The recent breaches at Bank of America underscore the need for a more comprehensive approach to data security, particularly when third-party vendors are part of the process.

Mitigating Third-Party Risks
AJC supports businesses in strengthening their data protection protocols, focusing on securing sensitive information throughout its lifecycle. We help companies evaluate third-party vendors, ensure they meet the necessary security standards, and guide businesses in establishing secure data disposal practices.

Data Security Audits and Compliance
With evolving data protection regulations, including GDPR and CCPA, businesses need to ensure they are compliant with all relevant laws. AJC offers audit services to assess current data security practices, identify vulnerabilities, and recommend improvements. Our team ensures your organisation stays ahead of regulatory requirements and is prepared for any external audits.

By working with AJC, businesses can ensure they are taking proactive steps to protect sensitive information and mitigate risks associated with third-party vendors and data disposal.

Contact us on 020 7101 4861 email us info@ajollyconsulting.co.uk if you think we can help.

Image accreditation: Bank of America logo close-up (2011) from Wikimedia Commons. Last accessed on 31st March 2025. Available at: https://commons.wikimedia.org/wiki/File:Bank_of_America_logo_close-up_(Canary_Wharf_building).jpg