SACRAMENTO, Calif. – In this era of rampant identity theft, the last thing a credit union wants is for its member data to fall into the wrong hands. That's what potentially could have happened recently when a well-known credit union marketing firm had one of its computers stolen that contained member data for some 20 credit unions. On July 9 an office of PSB, The Marketing SuperSource based in Lake Forest, California was burglarized and the only thing stolen was a Compaq computer that contained among other things member data on approximately 20 credit unions. According to Mark DeBellis, president of PSB's financial division, investigators believe it was a crime of opportunity and not an intentional act to steal member data. “The thief just broke a window closest to the nearest computer and stole that computer,” said DeBellis, who noted that the company is located in a newer light industrial park in a good neighborhood. The theft actually occurred at a smaller facility next to PSB's main 45,000 square foot headquarters. “It's a standalone facility adjacent to our core building,” he said. The thieves also hit an adjacent telecommunications facility. “Fewer than 20 credit unions have been affected by this. We've communicated with everybody, we've tried to overcommunicate,” said DeBellis. DeBellis said PSB only needs member names and addresses to do its job, but sometimes credit union files contain more. “Data occasionally contains more than we need, that's not something we can control,” said DeBellis. But he said the firm plans on doing a better job of informing credit unions about what they do and do not need to send to them. Unfortunately for the $1 billion Schools Financial Credit Union based in Sacramento, it had much more than just member names and addresses sitting on PSB's stolen computer. Its members' social security and account numbers were also there. “It was from a pre-screen we did, which is a very common industry practice. We send a file of member data in to Experian and they use the social security numbers to go through a pre-screen and qualify members,” said Jim Jordan, president of Schools Financial CU. Basically the CU was looking to do a target marketing campaign, and uses Experian to identify members with certain criteria. For example it could seek out members with say a $40,000 car loan or a $10,000 credit card, to try to target market a specific product to them. “The laws allowing pre-screen require that anyone who meets the criteria must be given the offer,” said Jordan. As part of that Jordan said Experian has always required that the tape be sent right to the mailing house, so the CU did not have access to the tape to strip off the social security number. Jordan said he is now hearing that the credit union may be able to get the tape first. Experian did not return phone calls as of press time. “The attorneys used to always tell us it had to go to the mailing house. We're still evaluating everything. Our intent now is if we can have access to the tape, to take the social security numbers off,” said Jordan. Jordan said he and his management team decided to be as pre-emptive as possible with informing members. It has set up a hotline members can call at (800) 962-0990, and immediately mailed members information on the theft and what the credit union is doing to protect their information. These protective measures include enhanced monitoring of accounts for unusual activity, taking additional steps to confirm account holders' identities, changing account numbers upon request, and placing a Credit Reporting Alert on members' files at credit bureau services. The credit union is also paying for a one-year membership in Experian's Credit Manager (valued at $104.95) for all affected members. The service reviews credit reports daily and provides e-mail notification within 24 hours of any unusual activity. As for PSB, it plans on adding military-grade encryption on the front end to further protect the data. DeBellis said it's very unlikely any of the data stolen will be used for frauds such as identify theft given that all the files had comprehensive password protection. PSB has also decided to move all its data into its main, more secure building. “One of the things that has come from this is we have a real opportunity to really improve how information is being handled day to day. We hope our customers would realize that we are doing everything we can to protect the data. It was one of those things that was uncontrollable. We are taking steps to be better than ever before. We feel some good will come out of this,” said DeBellis. [email protected]