Bloomberg Users’ Messages Leaked Online

Daniel Acker | Bloomberg | Getty Images

More than 10,000 private messages sent between users of Bloomberg's financial terminals have leaked online, undermining the company's attempts to restore faith in its ability to keep client data confidential as it scrambles to allay clients' privacy concerns.

Two long lists showing confidential Bloomberg messages between traders at dozens of the world's largest banks and their clients have been online for several years, the Financial Times has learned.

The documents from one particular day in 2009 and also from 2010 contain messages sent in by clients so Bloomberg could extract price data for their use on bonds, credit default swaps and other financial products from traders' messages.

More From the Financial Times
Bloomberg Finds That Sorry Is the Hardest Word

Central Banks Question Bloomberg Privacy

Bloomberg Alerted to Access Issue in 2011

The messages had been found, a financial markets professional said, through a simple Google search. They were taken down from the internet on Monday, after the FT inquired about them.

They showed information such as unique Bloomberg user identifiers, real names and traders' e-mail addresses as well as confidential financial price information and trading activity.

"This work was done with client consent, where e-mails were explicitly forwarded to us to a dedicated e-mail account and released by the person responsible for the e-mail so that we could conduct internal testing to improve our technology for the client," a Bloomberg spokesman said.

(A Bloomberg spokesman told CNBC, ""Any use of these emails outside our system would have been a clear violation of our policies and a fireable offense. We are considering all potential legal and criminal actions.")

The apparently accidental leak threatens to unnerve Bloomberg's clients, however, only days after the unrelated revelation that Goldman Sachs had complained that the news organization's journalists had been able to track when users accessed their terminals and which functions they used.

(Read More: Bloomberg Admits Terminal Snooping)

On Monday, the European Central Bank and Germany's Bundesbank joined the list of clients airing concerns, saying they had both contacted Bloomberg over the issue. The Federal Reserve, the U.S. Treasury and JPMorgan Chase have also raised questions since news of Goldman's formal complaint leaked last week.

European authorities' comments followed Bloomberg's second attempt to draw a line under the reputational crisis. In a Sunday night online editorial, Matthew Winkler, editor-in-chief of Bloomberg News, apologized and described the fact that reporters had access to certain client information as "inexcusable."

Bloomberg's messaging service, which it pioneered before e-mail was commonly used, is highly prized by banks for its security and functionality.

(Read More: Can Wall Street Live Without Bloomberg?)

The leaked messages were uploaded to the Internet by Steve Raaen, then a Bloomberg employee, while he was working for the company on a data-mining project for clients' benefit. It is believed he intended to to upload them to a secure site.

Mr. Raaen, who left Bloomberg in March 2011, declined to comment. Bloomberg said use of such e-mails outside its system "would have been a clear violation of our policies" and it was considering "all potential legal" actions. Such a breach could not happen now, it added, due to new technology and "upgraded" controls that would prevent such information leaving its system.

The project on behalf of Bloomberg clients, called "message scraping," entailed Mr. Raaen, a business manager, combing through traders' messages to get better pricing information on financial products that are traded over the counter.

The messages included trade information and other confidential details from global banks including Barclays, Citigroup, Deutsche Bank, Goldman Sachs, HSBC, Nomura JPMorgan and Morgan Stanley.

(Read More: Cramer: Wall Street Firms Won't Ditch Bloomberg)

In one message from the Aug. 25, 2009, a trader at a large bank passed on the information to three of his clients at institutional investors and asset-management groups that he had sold $2 million in ING bonds at a price of $56 each: "LIFTED 2MM INTNED 8.439 $56, 2.75MM LEFT THERE."

In another message the same day, a trader at another bank passed on information to a broker dealer about the price a client was paying for Deutsche Telekom bonds: "DT 6⅝ 3/18 . . . BUYER €5M PAYING B 250 Z 130."

Mr. Winkler in his editorial echoed an earlier statement from Bloomberg chief executive Dan Doctoroff, saying the company had "never compromised the integrity of that data in our reporting."

Bloomberg News has not written about the privacy concerns, citing a policy that it does not cover its own company.

Mr. Winkler's editorial followed news that Bloomberg knew in 2011 about the privacy issue, but failed to close the loophole until Goldman's complaint in April.

(Disclosure: Bloomberg is a competitor of CNBC in reporting and distributing business news on the Web and on television.)

—Additional reporting by Martin Stabe in London, Michael Steen and James Wilson in Frankfurt and Paul J. Davies in Hong Kong.