Credit unions that rely on paper documents for their daily operations are substantially increasing their chances of a data breach and are risking their member relationships and their credit union’s reputation by not properly securing their sensitive documents and member data. Lost, stolen, and improperly discarded documents are the primary contributors to identify theft, and according to FTC’s Consumer Sentinel Network database, one out of four instances of identity theft result in a financial loss to the victim. The recovery costs made by credit unions account for neither the catastrophic and irreversible damage that can be done to the credit union’s relationship with any impacted member nor, even more importantly, the permanent damage to the credit union’s reputation.
A recent Bluepoint Solutions survey indicated that 76% of credit unions nationwide still rely heavily on paper documents, making the scope of the problem so large as to make it an industry-wide problem. The following three cases are recent, real world examples of data breaches; there were more than 1,600 instances of known data breaches in 2012 alone. These resulted in not only financial losses to the victims but also substantial recovery costs and reputational damage to the institutions where they occurred.
Credit unions frequently move locations or open new branches, creating the opportunity for boxes of paper documents with sensitive information to be mishandled and lost. As the instances below illustrate, losing just one box can impact thousands of members and result in a serious blow to the credit union’s reputation and significant costs.
In 2009, a Massachusetts credit union moved branch locations — including boxes filled with financial documents that contained confidential member information. When just one of the boxes didn’t show up at the new location, the credit union notified state authorities that it had lost account information — including name, address, and account social security numbers — for nearly 10,000 members.
One year later, a Los Angeles credit union had to notify up to 28,000 members that they could have possibly been the victims of a data breach when the credit union failed to securely transport files during an office relocation. Personal contact information, account numbers, and social security numbers were put at risk. The credit union supplied two years of free credit monitoring to members who were affected by the breach.
Every credit union depends on its employees to keep running. However, sometimes employees can become a major threat to your data security. No matter how small or large your credit union is, insider theft is always a potential risk. Often these insiders are not acting alone but are part of a larger organized effort that uses stolen data to systematically defraud consumers.
In Minnesota in 2012, a bank employee was convicted of stealing customer information, including personal identification information and account numbers, and using it to create counterfeit checks and false identification documents that were presented at retail stores and banks for cash. Financial institutions and business in 14 different states were impacted and losses reached nearly $2 million, including almost $40,000 of losses to account holders at the employee’s bank. No less than 12 other individuals were convicted of taking part in the conspiracy, which went undetected for more than six months.
Sometimes the way a document is thrown away is more dangerous than how it is used. Dumpster Diving takes on a whole new meaning as the haphazard disposal of important documents happens every day at all types of organizations across the country. One of the most common examples of this is throwing away old paper documents without shredding or otherwise destroying them.
A recycling dumpster outside a credit union in Washington was found to contain unshredded member documents with sensitive information in plain sight, including names with account numbers and social security numbers. In Nevada, 40 boxes of documents were found intact and improperly thrown away in an unsecured dumpster. The documents contained confidential identity and account information including loan applications, credit reports, and bank statements.
The examples of mishandled paper documents leading to costly data breaches are endless, and with the majority of credit unions reliant on paper documents, the risks are widespread and pervasive. Credit unions nationwide should proactively manage their documents to reduce the risk of a data breach and protect their members from identify theft and the resulting financial fraud. To learn more about paper usage and the challenges of managing content for credit unions today, click here to download the industry survey report, “The State of Content Management in Credit Unions.”
Andrew Tilbury is the chief marketing officer of Bluepoint Solutions.