Post a New Topic
Original post made
on Jun 12, 2014
Wait -- it took SIX WEEKS to notify affected Stanford Credit Union members of this security breach?
Moving our accounts outta there!!
I talked to SFCU today. It really was not that big of a deal. I asked questions, they answered and explained it. I feel better dealing with them much better than Bank of America for sure.
The receiving computer hard drive was wiped cleaned before anything was opened - I just think some people are over reacting, it wasn't a "breach".
> The receiving computer hard drive was wiped
> cleaned before anything was opened
You get an email with a large attachment.
You get a call from the sender who says it was sent in error, and would you simply delete the email without opening the attachment.
Why would you "wipe" the disc clear before deleating the email?
"Wiping" (which would seem to imply a complete format) is the last thing I would do if someone sent me an email that had compromising data in it.
Once again, it seems like we are not getting the straight story here.
We closed our account there three years ago, after finally losing patience with their many mistakes. overcharges of interest on car loans, failure to correct or even admit blaring mistakes, etc.
They even moved our daughter's college fund to a different account with a new number without our knowledge or permission. Then, when we tried to draw on it, they bounced the check and refused to refund the overdraft fee ( they tried at first to tell us the account was closed).
I am so glad we fired them when we did!
This piece is almost word for word in the letter I received from SFCU. There is hardly any reporting here except for a rewrite of a press release. As someone impacted by this egregious security breach I am appalled by the shoddy reporting. We need someone to address important questions like
1. How is it possible for an employee of any bank to email such a sensitive document to an external person?
2. How could a bank have all the necessary information required for identify theft of 18000 people to be stored in one document?
3. How do the governing federal agencies view this security breach?
4. If they are confident that this is just a snafu why are they giving away 1 year credit monitoring for free - this wasn't reported by the weekly?
5. Why did it take them 6 weeks to let the affected parties? (Not unduly concern members, really!!!)
So what is the real story here.
Sounds like business as usual. Nobody's perfect, and with today's technology we are provided with infinite ways to mess up.
I closed my account there because they would charge me $5.00 a month for inactivity when I made no transactions. I didn't believe that is justification for a charge. If you don't bother them at all they charge you for it?? My small account was getting totally eaten up by these fees.
As Glenn pointed out there was no actual breach, and the human error -- admittedly hugely careless -- was immediately corrected before any data was accessed and that procedures were immediately enacted to prevent any similar recurrence.
I have personally had no problems with SFCU whatsoever in the last 15 years...in fact, they called me when they figured a way for me to have lower fees. How many banks give that sort of personal service?
A few years ago I closed out other accounts at both Bank of America and Wells-Fargo after serious personal security lapses at each bank. One of these banks allowed my financial accounts/history to be used in my former spouse's post-divorce real estate transactions despite my having taken the final divorce papers to the institution to prevent such an occurrence. The other institution continued to report a closed account as open to all 3 credit agencies for 5 years. Talk about sloppy.
I think the fact that SFCU has had a 67.5 % increase in assets since 2008 is at least partially attributable to it's growth in a satisfied membership.
But PAOnline continues to report any story -- particularly if it involves Stanford -- as a potential scandal, even when they don't have all of the facts. Witness this week's story, where "she-said-without-the-he-said constitutes the entire "news" story and comments that question articles are simply purged by the editor. It is amazing that this organization wins journalism awards, but these days journalism is a very different animal.
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. (Wikipedia) First thing first, my account number, my credit information, my social security number which the credit union so cleverly tried to disguise by calling it my 'Tax ID' number coupled with my birth date, full name and address makes this data very sensitive and confidential. It was explained that this wasn't a breach of the bank security system, but the credit union failed to recognize the data was breached because someone transmitted my personal information to someone unknown to me and who more than likely viewed the data and possibly copied the data. I personally do not believe that the unauthorized person did not view the list that was emailed to him. How can Stanford Federal Credit Union guarantee that this unauthorized person did not copy my personal information to an external drive, a USB drive, the cloud or anywhere else? They CAN'T.
The CEO, Joan Opp, says trust and transparency are important, and yet it took over a month to notify customers about this breach. Yes, IT IS A BREACH, so call it what it is. Why did the CEO wait over a month to respond to this data breach? Common sense would have said, 'Inform you customers, IMMEDIATELY!' More distressing is that the credit union Board of Directors (sfcu.org), all employed by or previously employed by Stanford University and Stanford Hospital did not instruct the CEO to notify the 18,000 customers of this breach the day it happened. Unbelievable! These Stanford and former Stanford employees have access to the brightest people in the world. Within minutes of this data breach, any of these individuals could have consulted the Law School, the Business School, the Medical School, or Engineering and Technology, and they would have been informed of the consequences of not immediately notifying customers of a personal data breach. So if the CEO doesn't have enough common sense to inform customers of a data breach and doesn't have a competent legal team to consult with, then she definitely has a Board who does.
The credit union does not own my personal information. I entrusted Stanford Federal Credit Union to keep my money and personal information safe. The credit union CEO does not get to make the decision that my personal information, which fell into the hands of an unauthorized person, has or has not been breached. Stanford Federal Credit Union should let me and its customers decide for ourselves whether our personal information has been compromised. It is our personal information and we are the ones who suffer the consequences when our personal information is compromised. The credit union's customers should be given the opportunity to act immediately to protect themselves. The CEO who made the decision to delay notification took this opportunity away from us. The 'internal error' was not the human error of an individual who accidently emailed the data to an unauthorized non credit union person. The internal error was by the credit union's CEO who intentionally waited over a month to communicate this data breach to me and 17,999 Stanford Federal Credit Union customers. I will be closing my accounts with this credit union.
There could be any mistakes until they don't threaten the security of personal data. I hope it was not a serious problem. [Portion of comment removed due to promoting a website.]
Don't miss out on the discussion!
Sign up to be notified of new comments on this topic.
Post a comment
Posting an item on Town Square is simple and requires no registration. Just complete this form and hit "submit" and your topic will appear online.
Please be respectful and truthful in your postings so Town Square will continue to be a thoughtful gathering place for sharing community information
We prefer that you use your real name, but you may use any "member" name you wish.
Select your neighborhood or school community: * Not sure?
- Barron Park
- Charleston Gardens
- Charleston Meadows
- College Terrace
- Community Center
- Crescent Park
- Downtown North
- Duveneck/St. Francis
- Embarcadero Oaks/Leland
- Esther Clark Park
- Evergreen Park
- Greater Miranda
- Green Acres
- Greendell/Walnut Grove
- Leland Manor/Garland Drive
- Meadow Park
- Monroe Park
- Old Palo Alto
- Palo Alto Hills
- Palo Alto Orchards
- Palo Verde
- South of Midtown
- St. Claire Gardens
- The Greenhouse
- Triple El
- University South
- Woodland Ave. area (East Palo Alto)
- Addison School
- Barron Park School
- Duveneck School
- Egan Middle School (Los Altos)
- El Carmelo School
- Escondido School
- Fairmeadow School
- Gunn High School
- Hoover School
- JLS Middle School
- Jordan Middle School
- Juana Briones School
- Nixon School
- Ohlone School
- Palo Alto High School
- Palo Verde School
- Santa Rita (Los Altos)
- Terman Middle School
- Walter Hays School
- another community
- Another Palo Alto neighborhood
- East Palo Alto
- Los Altos
- Los Altos Hills
- Menlo Park
- Mountain View
- Portola Valley
Verification code: *
Enter the verification code exactly as shown, using capital and lowercase letters, in the multi-colored box.
Local picks on 2015 Michelin Bib Gourmand list
By Elena Kadvany | 5 comments | 3,199 views
Ode to Brussels Sprout
By Laura Stec | 20 comments | 2,477 views
Go Giants! Next Stop: World Series!
By Chandrama Anderson | 1 comment | 1,861 views
By Cheryl Bac | 0 comments | 1,159 views
Politics: Empty appeals to "innovation"
By Douglas Moran | 6 comments | 977 views
Home & Real Estate
Shop Palo Alto
Send News Tips
Circulation & Delivery
Mountain View Voice
© 2014 Palo Alto Online
All rights reserved.