Business & Economy

VSECU data for 85,000 customers ends up in landfill

Officials at VSECU, the state’s largest credit union, have notified consumers that two unencrypted backup data tapes loaded with customer identification information were mistakenly thrown away and ultimately disposed of in a landfill last month.

The data files contained names, Social Security numbers, addresses, driver’s license numbers, financial account information and transaction records for as many as 85,000 credit union customers. The records were from 2002 to 2012. The data has not been compromised, officials say, because the information was not stolen.

Steve Post, the CEO of VSECU, sent notification letters on Wednesday to customers.

The tapes were discovered missing from an off-site storage facility in early September after a routine inventory check. Post said the credit union conducted an internal audit investigation and determined that the data tapes had been inadvertently thrown away and ended up in a landfill. The tapes now covered in garbage, he said, are “irretrievable.”

“The investigation was extensive, there was no indication of a crime, and no indication this information was used and every indication it was thrown out in the trash and is in the landfill,” Post said.

Post says the data has not been stolen and hence there has not been a security breach. “We don’t think of it that way,” he said. “Human error caused this outcome.”

No one yet has complained of data loss, Post said. VSECU is offering a credit monitoring service to all customers for a year.

The credit union contacted the Department of Financial Regulation five days after the problem was discovered. Officials also called the Federal Bureau of Investigation and federal regulators.

VTDigger is underwritten by:

VSECU is taking steps to improve its security procedures. Post said the credit union will ensure in future that all tapes in future are encrypted.

The credit union has created a temporary call center in anticipation of a large number of queries.

“We are taking a look at every point of operation to ensure this or something like this never happens again,” Post said. “The message for our members is, we want to hear from you. We will take all steps necessary to make sure this never happens again.”

Steve Kimbell, the commissioner of the Department of Financial Regulation, said the credit union was taking appropriate steps to address the security lapse. This is the first time there has been a data lapse financial institution in the two years he’s served as commissioner.

Data breaches at financial institutions fall under the jurisdiction of the Federal Deposit Insurance Corp.

TD Banknorth recently misplaced backup data tapes with personal information from customers in March. The bank notified customers in Maine and New Hampshire earlier this month.

Want to stay on top of the latest business news? Sign up here to get a weekly email on all of VTDigger's reporting on local companies and economic trends. And check out our new Business section here.


Anne Galloway

About Anne

Anne Galloway is the founder and editor of VTDigger and the executive director of the Vermont Journalism Trust. Galloway founded VTDigger in 2009 after she was laid off from her position as Sunday editor of the Rutland Herald and Times Argus. VTDigger has grown from a $16,000 a year nonprofit with no employees to a $2 million nonprofit daily news operation with a staff of 25. In 2017, Galloway was a finalist for the Ancil Payne Award for Ethics, the Al Neuharth Innovation in Investigative Journalism Award and the Investigative Reporters and Editors FOIA Award for her investigation into allegations of foreign investor fraud at Jay Peak Resort.

Email: [email protected]

Follow Anne on Twitter @GallowayVTD

Send us your thoughts

VTDigger is now accepting letters to the editor. For information about our guidelines, and access to the letter form, please click here.


Recent Stories

Thanks for reporting an error with the story, "VSECU data for 85,000 customers ends up in landfill"