We got the list from Certegy regarding which of our members were affected by the security breach. There were 127 names on it. Those members will be getting a letter from Certegy.

We probably will not be sending a letter to those members. The reason is, well, complicated.

You see, those members’ information was not compromised through their relationship with us. The information that was obtained and sold was through a check verification program that Certegy has with other merchants. The fact that those members are also members of Verity is more coincidental than anything else. In fact, many of the people on the list do not even have credit cards with us. (Certegy, remember, is our credit card processor). The compromise happened because the members wrote a check at a merchant who uses Certegy to verify checks. It was that merchant /check verification file that was compromised – completely outside of Verity’s relationship with the member.

Does that make sense?

If any of the 127 people who get a letter want to change their account numbers, we will certainly do that for them. Although they should keep in mind that, at this point, the risk of fraud looks minimal and this may be an unnecessary inconvenience for them. We are watching those accounts every day. They are on priority alert and any suspicious activity will be reported to the member immediately and the account potentially closed.

Of course, this investigation is on-going and it is possible that new developments will arise. We will do our best to keep you posted.

For an audio explanation of what happened, I recommend listening to this press conference.

Shari Storm

No biography available.

2 Responses

  1. Jim Bruene says:

    It’s great to see such candor on the part of a financial institution. Thanks for showing a great example here Shari.

    But since most of those 127 don’t read the blog postings, wouldn’t a letter be great to clear up any confusion that Certegy letter may create? If a member gets a letter from some unknown third party referencing their Verity account, won’t they all be calling customer service a few minutes later to see if it’s some scam? Couldn’t you proactively reach out and answer their questions? I know you don’t want to create even more problems given the relative benign nature of this..

    I’ve been in your shoes and I understand the complications…just my 2 cents.

  2. Shari Storm says:

    @Jim: good pick up.

    The Certegy letter does not reference Verity in anyway. Our concern is that we might send a letter that causes even more confusion.

    Certegy told us of our members affected simply as a courtesy to us. One of our members could be on the list of several other financial institutions and merchants because Certegy services so many other companies. And remember, it was a merchant file that was sold, not a financial intuition file.

    So, as an example, John Q Member had his name and address sold to a marketing company, not because of his relationship with Verity Credit Union. The way his information was captured was through the check he cashed at a casino. The casino uses Certegy to verify checks and that was the file that was stolen. The fact that he is also a member of Verity was just a coincidence.

    If each of us sent a letter to our members/customers who were affected, that person could get many letters about the same incident, which, I would think, would be more confusing.

Leave a Reply to Jim Bruene