Privacy Breach on Bloomberg’s Data Terminals

A shudder went through Wall Street on Friday after the revelation that Bloomberg News reporters had extracted subscribers’ private information through the company’s ubiquitous data terminals to break news.

The company confirmed that reporters at Bloomberg News, the journalism arm of Bloomberg L.P., had for years used the company’s terminals to monitor when subscribers had logged onto the service and to find out what types of functions, like the news wire, corporate bond trades or an equities index, they had looked at. Bloomberg terminals, which cost an average of more than $20,000 a year, are found in nearly every banking and trading company.

Bloomberg said the functions that allowed journalists to monitor subscribers were a mistake and were promptly disabled after Goldman Sachs complained that a Bloomberg reporter had, while inquiring about a partner’s employment status, pointed out that the partner had not logged onto his Bloomberg terminal lately.

The incident led to broader concerns about the line at Bloomberg between its lucrative terminal business and the hypercompetitive newsroom, threatening to undermine the credibility of both. In a secretive world that thrives on opacity, traders and financial firms jealously guard every speck of information about their activity to avoid tipping their hand on their trades and investments.

“On Wall Street, anonymity is critically important. Secrecy and the ability to cover one’s tracks is paramount,” said Michael J. Driscoll, a former senior trader at Bear Stearns who now teaches at Adelphi University. He added: “If Bloomberg reporters crossed that line, that’s an issue.”

The news gathering technique appears more widespread than the Goldman incident, which was first reported by The New York Post. A preliminary analysis at Bloomberg revealed that “several hundred” reporters had used the technique, a person briefed on the analysis said. (Bloomberg employs more than 2,400 journalists worldwide. A spokesman declined to comment on the analysis and said no reporters had been fired.)

There are also fears that the monitoring may have gone beyond Wall Street. Banking regulators at the Federal Reserve are examining whether their own employees were subject to tracking by Bloomberg reporters, according to people briefed on the matter. A spokeswoman for the Fed declined to comment.

There are now more than 315,000 Bloomberg terminal subscribers worldwide who rely on the desktop computer for research, trading, communication and a constant stream of financial information and news.

But as it turned out, what the subscribers were doing was not always confidential. Bloomberg reporters used the “Z function” â€" a command using the letter Z and a company’s name â€" to view a list of subscribers at a firm. Then, a Bloomberg user could click on a subscriber’s name, which would take the user to a function called UUID. The UUID function then provided background on an individual subscriber, including contact information, when the subscriber had last logged on, chat information between subscribers and customer service representatives, and weekly statistics on how often they used a particular function. A company spokesman said both of those functions had been disabled in the newsroom.

Terminals never allowed journalists to see specific securities or trades, but even general hints of what users are searching could provide a glimpse into Wall Street’s thinking â€" powerful currency in the competitive world of financial journalism. Daniel L. Doctoroff, chief executive of Bloomberg L.P. and a close confidant to the company’s founder, Michael R. Bloomberg, said in a memo to employees that “client trust is our highest priority and the cornerstone of our business.” Mr. Bloomberg stepped away from day-to-day operations when he became mayor of New York City.

Last month, the company further centralized its data security efforts, including appointing Steve Ross, a senior executive, to the newly created role of client data compliance officer.

“To be clear, the limited customer relationship data previously available to our reporters never included access to our trading, portfolio, monitor, blotter or other related systems or our clients’ messages,” Mr. Doctoroff said. He posted a damage control message to clients on the Bloomberg terminal and blog, calling the reporting practice a “mistake.”

Nathaniel Popper contributed reporting.

A version of this article appeared in print on May 11, 2013, on page A1 of the New York edition with the headline: Privacy Breach On Bloomberg’s Data Terminals.