Customer given access to others' accounts
Bank of America Corp. says its recent conversion of FleetBoston accounts to its computer network went smoothly, but don't tell that to Mark Levy, who accidentally got online access to about $90,000 of other people's money.
When Levy went to the bank's website to check his accounts, the freelance writer from Brookline said, he also had access to several accounts that weren't his. If he were criminally inclined, he said, he could have emptied those accounts.
Bank spokesman Ernesto Anguilla said that what happened was an isolated incident caused by ''human error" and ''unrelated to the conversion." While Levy got access to about 10 accounts, it appears that they belonged to two customers, Anguilla said.
There was no way those customers could have suffered financial losses, Anguilla said, because all Bank of America customers ''would be fully reimbursed by the bank for any unauthorized transactions."
Bank of America acquired FleetBoston Financial Corp. last year and converted many FleetBoston accounts to its computer network this month.
Levy said he visited the bank's website Monday, but couldn't get access to all of his accounts. On Tuesday, he telephoned for help several times. At one point, he asked a bank employee for account information, and was given some correct information, as well as information for an account that was not his.
Levy said he immediately informed the bank employee, who promised to fix the problem.
But when Levy later visited the bank's website, he saw information for several money market savings and brokerage accounts that weren't his. On Wednesday, he notified the bank by e-mail. As of noon Friday, he said, he still had access to others' accounts. That problem was rectified several hours later.
When Levy informed the bank of his problem Tuesday, bank employees attempted to address it. That was when the human error occurred, Anguilla said.
When a security breach results in the disclosure of private consumer information, a company may have an obligation to inform federal regulators and its customers, said Tena Friery, research director at the Privacy Rights Clearinghouse, a nonprofit group dedicated to raising consumer awareness about privacy issues.
Anguilla said the bank plans to notify regulators and reach out to the customers whose information was accidentally shared with Levy.
''This is not a systemic problem," Anguilla said. ''It's truly a one-time incident."
The Federal Trade Commission recently settled a case against BJ's Wholesale Club Inc. for failing to protect credit-card information. And data thieves compromised information for 40 million credit card holders whose purchases were processed through CardSystems Solutions.
In February, Bank of America reported it had lost tapes containing financial information for about 1.2 million federal employees, though bank officials believe the data have not been misused.
For an identity thief, having a consumer's name, address, and bank account numbers would be useful, said Eric Bourassa, a consumer advocate with the Massachusetts Public Interest Research Group. But additional information, such as a Social Security number, most likely would be needed to set up phony credit card accounts, privacy specialists said.
Being unable to access information about all his accounts simultaneously for much of last week was ''a minor inconvenience to me," Levy said. But referring to the customers whose accounts were mixed up with his, he said, ''I think it's a serious problem for several other people."
Chris Reidy can be reached at reidy@globe.com. 
