Shari Storm

Security Breach

Shari Storm on July 7th, 2007 No Comments

You may have heard that a credit card processor in Florida had a high ranking manager steal 2.3 million people’s information and sell it to a data broker., who in turn, sold it to some marketing companies.

That is our credit card processor.

We are waiting on the list to see if any of our members were part of this group. Fidelity should be getting it to us in the next few days. They are also sending a letter to every consumer involved.

The good news for us (we think) is that it was Certegy Check Services that was compromised and we do not use them for our check servicing. We may find very few, if any, of our members’ information compromised. The other piece of good news is that it doesn’t look like this guy sold it to identity thieves. It looks like, at this point, that 2.3 million people are just getting more solicitations than they should.

(I say this NOT trying to minimize the situation. The situation is awful. Nobody should steal another person’s information for any reason. However, it is important to note that the info went to marketing companies and not an organized crime ring)

Recently, I watched my colleagues weigh in on a security blunder at another credit union.. I took their comments and held them up to our own current situation.

Their first question was – how could they let this happen?

Well, I visited Fidelity last May and I was amazed by their security measures. Employees who touched consumer data wore bright colored, zip up jump suits with no pockets whenever they were on the premises. When they left at night, they were frisked by security guards in a special room. Every minute they were on the job, cameras were on them and special guards watched them, Las Vegas style.

I honestly thought, personally visiting the company and seeing for myself their security practices was conscientious due diligence. I was wrong.

Second critique – the letter the other credit union sent out was too vague and had too much legalese.

I have seen the letter that Certegy will be sending. It is long. It has a lot of detailed information – including the fact that they fired the employee and are pressing charges against him. There doesn’t seem to be a lot of legal speak in it. They provide a phone number for members to call with questions and information about other credit monitoring options.

Third critique – the other credit union didn’t sound remorseful enough and didn’t do enough to correct the situation.

I’m not exactly sure how to communicate to our members that we absolutely hate that this happened and we will figure out a way to make it right with anyone who may have been affected. I guess I can only say this; we are working hard on this one. We want to keep you informed, we want to correct the situation and we want to make sure it never happens again. To this we are committed.

At any rate, we will definitely keep you posted as we learn more. And if any member is on the list that Certegy sends us, we will be contacting you immediately.

Shari Storm

No biography available.

Leave a Reply