This page contains a single entry from the blog posted on November 8, 2008 3:28 PM. The previous post in this blog was Span plans that you can scan. The next post in this blog is Technical difficulties. Many more can be found on the main index page or by looking through the archives.

E-mail, Feeds, 'n' Stuff

Saturday, November 8, 2008

Data breach at OnPoint Credit Union

We got this in the mail today.

Comments (7)

Feels crappy! I know. Just heard this one from the NYT.... apparently I'm one of the "millions"!
" Federal Bureau of Investigation is investigating an extortion letter threatening to expose millions of patient records stolen from Express Scripts, a medical benefits management company."


I had the same thing happen with Pioneer Trust in Salem about 18 months ago. A consulting firm lost a laptop with customer data. I wonder if it was the same firm?

They mailed it to you, huh? Don't they have your e-mail address? I sure would not wait a couple of days for this news.

Atleast as date breaches go, this is pretty minor, no SSN's etc.... I heard from someone I know with OnPoint that the auditing company in question isn't working with/for OnPoint anymore. Good!

Yup, we got ours too. They say nothing of great importance has been stolen. As Cd's mature we are outa there.

I don't know that it's that bad.

There is no excuse for this kind of data breach. Encryption products are free, easy to use, and make it practically impossible for a thief to use the data. See, e.g., http://www.truecrypt.org/.

Even though this particular breach appears to be minor, it suggests to me either that the auditing firm is clueless about technology (bad) or not detail oriented (even worse.) I don't understand why financial institutions don't get their auditing firm to promise that the data be stored in encrypted form at all times. Not using encryption seems like asking to be sued for breach of fiduciary duty.

Unfortunately, their Fusion account has benefits I have been unable to match elsewhere, so I'm sticking with these guys although I'm writing a letter to to suggest they get their auditing firm to use encryption in the future or to find a new auditing firm.

Clicky Web Analytics