Security Breach
You may have heard that a credit card processor in Florida had a high ranking manager steal 2.3 million people’s information and sell it to a data broker., who in turn, sold it to some marketing companies.
That is our credit card processor.
We are waiting on the list to see if any of our members were part of this group. Fidelity should be getting it to us in the next few days. They are also sending a letter to every consumer involved.
The good news for us (we think) is that it was Certegy Check Services that was compromised and we do not use them for our check servicing. We may find very few, if any, of our members’ information compromised. The other piece of good news is that it doesn’t look like this guy sold it to identity thieves. It looks like, at this point, that 2.3 million people are just getting more solicitations than they should.
(I say this NOT trying to minimize the situation. The situation is awful. Nobody should steal another person’s information for any reason. However, it is important to note that the info went to marketing companies and not an organized crime ring)
Recently, I watched my colleagues weigh in on a security blunder at another credit union.. I took their comments and held them up to our own current situation.
Their first question was – how could they let this happen?
Well, I visited Fidelity last May and I was amazed by their security measures. Employees who touched consumer data wore bright colored, zip up jump suits with no pockets whenever they were on the premises. When they left at night, they were frisked by security guards in a special room. Every minute they were on the job, cameras were on them and special guards watched them, Las Vegas style.
I honestly thought, personally visiting the company and seeing for myself their security practices was conscientious due diligence. I was wrong.
Second critique – the letter the other credit union sent out was too vague and had too much legalese.
I have seen the letter that Certegy will be sending. It is long. It has a lot of detailed information – including the fact that they fired the employee and are pressing charges against him. There doesn’t seem to be a lot of legal speak in it. They provide a phone number for members to call with questions and information about other credit monitoring options.
Third critique – the other credit union didn’t sound remorseful enough and didn’t do enough to correct the situation.
I’m not exactly sure how to communicate to our members that we absolutely hate that this happened and we will figure out a way to make it right with anyone who may have been affected. I guess I can only say this; we are working hard on this one. We want to keep you informed, we want to correct the situation and we want to make sure it never happens again. To this we are committed.
At any rate, we will definitely keep you posted as we learn more. And if any member is on the list that Certegy sends us, we will be contacting you immediately.
Tony Mannor on July 9th, 2007 at 08:59 AM
Shari and Verity Team
Good luck in getting everything nailed down. I commend you on the excellent service that you are providing your members by letting them know what is going on – now rather than later.
It shows incredible character and integrity to first notify your members and make sure they are protected than to hide it and let them know after the other shoe drops. I hope your members know how lucky they are to be part of credit union that truly has their best interest at heart – and proves it in their actions.
Good luck with this new challenge, I am sure you will come out on top!
William From KY on July 11th, 2007 at 08:21 AM
Add this to the other security breaches this year and in the past few years. People need to be pro-active in watching their credit anyways. Scammers are selling these for like .50 cents a person on the black market. Start today protecting yourself. Watch out for companies that have you pay more for what the protection is worth. Call and talk to a financial adviser.
Will from USA on July 11th, 2007 at 08:22 AM
I got the letter
Jamie Chase on July 11th, 2007 at 08:47 AM
The extra information on your blog, providing context and background, goes a long way to show that you care about your members.
shari storm on July 11th, 2007 at 12:41 PM
@Jamie – thanks for the compliment. It’s good to have a PR company watching over our shoulder
@William – while I agree with you that every consumer needs to be diligent about watching their accounts and credit reports, I hesitate to bring up the word “black market” in this particular situation. At this point, in this situation, all evidence points to the information going to marketing companies who used it solely for the purpose of soliciting business. That is different than the more sinister connotation of an organized crime ring.
Ron Bensley, Jr. on July 24th, 2007 at 07:50 PM
Data security breaches by CC processors and by merchants are an alarming betrayal of the trust placed by end users in payment cards.
Verity CU is truly blessed with the kind of organizational DNA to communicate with its community, via this blog, about hot-button concerns like this.