GLENDALE, Calif. – Burglars broke into the main offices of the $1 billion The California Credit Union here over the weekend of November 15-16 and made off with a hard drive containing thousands of members’ personal financial information. The thieves did not take the whole computer but took only the hard drive, raising the possibility that they may have known what they were looking for, acknowledged Sandy Serpas, an Administrative Services manager with the credit union. But Steve O’Connell, CFO for the credit union, stressed that law enforcement investigators were still in the early stages and the sophistication of the theft was still unknown. “We wouldn’t want to speculate on any direction the investigation might take,” O’Connell said. The credit union confirmed that 49,000 members’ information was compromised in the theft and said that they began contacting members as soon as it became clear that the drive was among the items missing. Members’ names, addresses, account numbers and social security numbers were on the drive. Drivers’ license numbers and birthdates were not, the credit union said. The data compromised ran the spectrum of credit union products, including everything from share and share draft accounts, to credit cards, auto loans and mortgages, O’Connell explained. In addition to the local police, the U.S. Secret Service has also taken a role in the case, O’Connell confirmed. He further added that, as of the first week of December, there had not been any indications of attempted identity theft on any of the compromised accounts. The credit union has set up a special hotline for members concerned that their financial information may have been compromised or who had been notified that it was compromised. The credit union also announced that it planned to take special precautions with the compromised member accounts for the next year, including taking special steps whenever any account information was changed to make sure to identify the member seeking to make the changes. Other measures the credit union is taking include paying the cost of a one-year subscription to one of the credit monitoring services sponsored by the national credit bureaus. These services notify consumers whenever anyone seeks to open new lines of credit in their names or if there is any other “unusual” activity in their credit files. Additionally, the credit union has put so-called Credit Reporting and Security Alerts on those members’ files with the credit bureaus. The Alerts notify the credit bureaus of potential security problems with the files and will last for 180 days. But card security experts familiar with identity theft said that criminals interested in stealing identities have been growing steadily more sophisticated and savvy about the precautions institutions like The California Credit Union take to counter data compromise. “I wouldn’t be surprised if anyone who bought this data or otherwise obtained it knows enough to wait until after 180 days to try to use it,” said Allan Trosclair, a bank card security expert with BFS, a security consulting firm headquartered in Phoenix, Arizona. “After all, this is live data we are talking about here,” Trosclair noted. Trosclair estimated that, from the right buyers, the credit union’s data could bring the thieves as much as a $1,000 per name on the black market for financial data, because the buyers know that with a little luck they can turn their investment into thefts worth many more thousands. Barry Smith, president of the firm, agreed and said that credit union members who had their data compromised in the theft may have to continue monitoring their credit for longer than the one year provided for in the free subscription to the credit monitoring service. “If there are incidents of attempted credit card fraud on some of these accounts, it may be that credit union members may have to monitor their credit accounts for more than the first year,” he explained. Fifty percent of identity theft is caught by consumers being notified by one of the monitoring services, Smith added. Both executives noted that the credit union had done the right thing by acknowledging the theft of the data and seeking to help its members address any potential fraud, but both men also said the theft indicated that a full review of security procedures for safeguarding member data may be necessary. Trosclair questioned in particular why any members’ financial information was resident on any individual hard drives at the credit union. He pointed out that increasing numbers of institutions are going to a server-based system for storing member data, a system where an executive or staff member can call up a member’s account to query it or change it, but would not allow any of that information to remain resident in single computers or hard drives. Such an approach, he also pointed out, would allow the credit union to keep better track of who is allowed to see and change member information, as well as record the occasions when they do so. The hard drive theft is the second significant fraud incident to take place in less than two months. In November PSCU Financial Services, a card processing cooperative for more than 500 credit unions which process their cards on the First Data platform, reported that 66 of its member credit unions had lost $1.6 million to a credit card theft ring which was supplied in part with credit union cardholder information from a 10-year PSCU employee. -

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.

Already have an account?


NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now
Join Credit Union Times

Copyright © 2024 ALM Global, LLC. All Rights Reserved.