Kirk Kordeleski, the CEO of Bethpage Federal Credit Union, said the exposure of personal information from up to 86,000 of the credit union's 205,000 members happened because a staff member inadvertently uploaded a file containing the information onto a in insecure website.
“She believed the website was secure. It had a password,” Kordeleski said Wednesday. “But it was not.”
Kordeleski added that the staff member was no longer with the credit union, and media outlets have reported she resigned.
The site that the staff member used was one the Bethpage, N.Y., credit union uses to move large files such as photos and other graphics, Kordeleski explained.
The $4.7 billion Long Island credit union had been sending the data to the firm it uses to generate member mailings, Kordeleski said, in conjunction with a conversion of its debit card portfolio from Visa to MasterCard branded cards.
Kordeleski said the data had been on the unsecured site for 30 days, long enough for Google to have indexed it. But he added that security firms that the credit union consulted said only a few Internet users appeared to have viewed the data.
He also said Bethpage considered the risk of ACH fraud from the data spill was remote. While the exposed data would be enough to generate an ACH withdrawal, such withdrawals required the person withdrawing the funds to have a deposit account.
Under the terms of the know-your-customer or know-your-member rules, it is considered very difficult to generate a fraudulent ACH withdrawal without being caught, Kordeleski said.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
