Town Square

Post a New Topic

Stanford Credit Union accidentally releases member data

Original post made on Jun 12, 2014

Stanford Credit Union informed 18,000 members this week that their personal information was accidentally sent to another member after a name snafu.


Read the full story here Web Link posted Thursday, June 12, 2014, 4:06 PM

Comments (11)

 +   Like this comment
Posted by UC Davis Grad
a resident of Mountain View
on Jun 12, 2014 at 4:11 pm

Wait -- it took SIX WEEKS to notify affected Stanford Credit Union members of this security breach?

[Portion removed.]


 +   Like this comment
Posted by Cubberley neighbor
a resident of Greenmeadow
on Jun 12, 2014 at 5:06 pm

Strike three!
Moving our accounts outta there!!
Circus, indeed.


 +   Like this comment
Posted by Glenn
a resident of another community
on Jun 12, 2014 at 9:52 pm

I talked to SFCU today. It really was not that big of a deal. I asked questions, they answered and explained it. I feel better dealing with them much better than Bank of America for sure.

The receiving computer hard drive was wiped cleaned before anything was opened - I just think some people are over reacting, it wasn't a "breach".


 +   Like this comment
Posted by Just-The-Facts-Please
a resident of Another Palo Alto neighborhood
on Jun 12, 2014 at 10:15 pm

> The receiving computer hard drive was wiped
> cleaned before anything was opened

You get an email with a large attachment.

You get a call from the sender who says it was sent in error, and would you simply delete the email without opening the attachment.

Why would you "wipe" the disc clear before deleating the email?

"Wiping" (which would seem to imply a complete format) is the last thing I would do if someone sent me an email that had compromising data in it.

Once again, it seems like we are not getting the straight story here.


 +   Like this comment
Posted by Weelz
a resident of another community
on Jun 13, 2014 at 12:46 am

We closed our account there three years ago, after finally losing patience with their many mistakes. overcharges of interest on car loans, failure to correct or even admit blaring mistakes, etc.

They even moved our daughter's college fund to a different account with a new number without our knowledge or permission. Then, when we tried to draw on it, they bounced the check and refused to refund the overdraft fee ( they tried at first to tell us the account was closed).

I am so glad we fired them when we did!


 +   Like this comment
Posted by Stanford Grad
a resident of another community
on Jun 13, 2014 at 12:31 pm

This piece is almost word for word in the letter I received from SFCU. There is hardly any reporting here except for a rewrite of a press release. As someone impacted by this egregious security breach I am appalled by the shoddy reporting. We need someone to address important questions like
1. How is it possible for an employee of any bank to email such a sensitive document to an external person?
2. How could a bank have all the necessary information required for identify theft of 18000 people to be stored in one document?
3. How do the governing federal agencies view this security breach?
4. If they are confident that this is just a snafu why are they giving away 1 year credit monitoring for free - this wasn't reported by the weekly?
5. Why did it take them 6 weeks to let the affected parties? (Not unduly concern members, really!!!)

So what is the real story here.


 +   Like this comment
Posted by musical
a resident of Palo Verde
on Jun 13, 2014 at 12:46 pm

Sounds like business as usual. Nobody's perfect, and with today's technology we are provided with infinite ways to mess up.


 +   Like this comment
Posted by SCB94303
a resident of Adobe-Meadows
on Jun 13, 2014 at 3:14 pm

SCB94303 is a registered user.

I closed my account there because they would charge me $5.00 a month for inactivity when I made no transactions. I didn't believe that is justification for a charge. If you don't bother them at all they charge you for it?? My small account was getting totally eaten up by these fees.


 +   Like this comment
Posted by neighbor
a resident of another community
on Jun 13, 2014 at 3:51 pm

As Glenn pointed out there was no actual breach, and the human error -- admittedly hugely careless -- was immediately corrected before any data was accessed and that procedures were immediately enacted to prevent any similar recurrence.

I have personally had no problems with SFCU whatsoever in the last 15 years...in fact, they called me when they figured a way for me to have lower fees. How many banks give that sort of personal service?

A few years ago I closed out other accounts at both Bank of America and Wells-Fargo after serious personal security lapses at each bank. One of these banks allowed my financial accounts/history to be used in my former spouse's post-divorce real estate transactions despite my having taken the final divorce papers to the institution to prevent such an occurrence. The other institution continued to report a closed account as open to all 3 credit agencies for 5 years. Talk about sloppy.

I think the fact that SFCU has had a 67.5 % increase in assets since 2008 is at least partially attributable to it's growth in a satisfied membership.

But PAOnline continues to report any story -- particularly if it involves Stanford -- as a potential scandal, even when they don't have all of the facts. Witness this week's story, where "she-said-without-the-he-said constitutes the entire "news" story and comments that question articles are simply purged by the editor. It is amazing that this organization wins journalism awards, but these days journalism is a very different animal.


 +   Like this comment
Posted by Member
a resident of Los Altos
on Jun 17, 2014 at 6:51 am

A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. (Wikipedia) First thing first, my account number, my credit information, my social security number which the credit union so cleverly tried to disguise by calling it my 'Tax ID' number coupled with my birth date, full name and address makes this data very sensitive and confidential. It was explained that this wasn't a breach of the bank security system, but the credit union failed to recognize the data was breached because someone transmitted my personal information to someone unknown to me and who more than likely viewed the data and possibly copied the data. I personally do not believe that the unauthorized person did not view the list that was emailed to him. How can Stanford Federal Credit Union guarantee that this unauthorized person did not copy my personal information to an external drive, a USB drive, the cloud or anywhere else? They CAN'T.

The CEO, Joan Opp, says trust and transparency are important, and yet it took over a month to notify customers about this breach. Yes, IT IS A BREACH, so call it what it is. Why did the CEO wait over a month to respond to this data breach? Common sense would have said, 'Inform you customers, IMMEDIATELY!' More distressing is that the credit union Board of Directors (sfcu.org), all employed by or previously employed by Stanford University and Stanford Hospital did not instruct the CEO to notify the 18,000 customers of this breach the day it happened. Unbelievable! These Stanford and former Stanford employees have access to the brightest people in the world. Within minutes of this data breach, any of these individuals could have consulted the Law School, the Business School, the Medical School, or Engineering and Technology, and they would have been informed of the consequences of not immediately notifying customers of a personal data breach. So if the CEO doesn't have enough common sense to inform customers of a data breach and doesn't have a competent legal team to consult with, then she definitely has a Board who does.

The credit union does not own my personal information. I entrusted Stanford Federal Credit Union to keep my money and personal information safe. The credit union CEO does not get to make the decision that my personal information, which fell into the hands of an unauthorized person, has or has not been breached. Stanford Federal Credit Union should let me and its customers decide for ourselves whether our personal information has been compromised. It is our personal information and we are the ones who suffer the consequences when our personal information is compromised. The credit union's customers should be given the opportunity to act immediately to protect themselves. The CEO who made the decision to delay notification took this opportunity away from us. The 'internal error' was not the human error of an individual who accidently emailed the data to an unauthorized non credit union person. The internal error was by the credit union's CEO who intentionally waited over a month to communicate this data breach to me and 17,999 Stanford Federal Credit Union customers. I will be closing my accounts with this credit union.


 +   Like this comment
Posted by Sandra
a resident of Charleston Gardens
on Aug 26, 2014 at 9:50 am

There could be any mistakes until they don't threaten the security of personal data. I hope it was not a serious problem. [Portion of comment removed due to promoting a website.]


Don't miss out on the discussion!
Sign up to be notified of new comments on this topic.

Email:


Post a comment

Posting an item on Town Square is simple and requires no registration. Just complete this form and hit "submit" and your topic will appear online. Please be respectful and truthful in your postings so Town Square will continue to be a thoughtful gathering place for sharing community information and opinion. All postings are subject to our TERMS OF USE, and may be deleted if deemed inappropriate by our staff.

We prefer that you use your real name, but you may use any "member" name you wish.

Name: *

Select your neighborhood or school community: * Not sure?

Comment: *

Verification code: *
Enter the verification code exactly as shown, using capital and lowercase letters, in the multi-colored box.

*Required Fields

Politics: Empty appeals to "innovation"
By Douglas Moran | 13 comments | 1,581 views

Marriage Underachievers
By Chandrama Anderson | 0 comments | 1,571 views

A Surprise!
By Cheryl Bac | 0 comments | 1,499 views

Best High Dives to Watch the Game
By Laura Stec | 4 comments | 992 views

It's Dog-O-Ween this Saturday!
By Cathy Kirkman | 2 comments | 783 views