Vermont State Employees Credit Union (VSECU) Data Breach

BreachAccording to this report, 80,000 Social Security numbers and personal financial information for members of the Vermont State Employees Credit Union have been lost as a result of “human error.”

As expected, the response to this breach is typical, when the CEO stated that the tapes are “at the bottom of a landfill,” and “they’re not retrievable.” Unfortunately, we can’t be certain of this, as proving that the tapes are not at the bottom of a landfill, and in in someone else’s hands, is proving a negative, which cannot be done.

What could VSECU have done to prevent this? In addition to more stringent policies and procedures and security awareness training for those individuals handling the tapes, the contents of the tapes themselves could have been encrypted so that, should the tapes fall out of the chain of custody of the organization, it would be nearly impossible for anyone else to retrieve the information kept on them, and 80,000 credit union members’ information would be more secure.

Comments are closed.