A server containing personal information for 33,800 members of Schools Financial Credit Union-as well as some 20 other financial institiutions, most of them CUs- was stolen from a Lake Forest, Calif.-based marketing company.
Both Jim Jordan, president and CEO of Schools Financial CU, and Mark DeBellis, president of the financial services division of PSB, The Marketing SuperSource, said police investigators characterized the crime as a simple theft, rather than an attempted identity theft.
According to Jordan, as of July 28, "No member data has been compromised. We are protecting our members to the fullest extent we know how to do. There has been no evidence of fraud, but we are taking all steps."
DeBellis said the server-whose contents were password protected-was targeted simply for its convenience.
"The opinion of the police was the thieves were looking for small items that could be carried off and sold quickly. This server was right by a door which was kicked in," he said. "Another business next door, a telecommunications firm, also was vandalized the same night and is trying to determine if any items were stolen."
Jordan said Schools Financial CU received a letter from PSB July 14, stating member records may have been compromised. On July 20, PSB confirmed that personal information for 33,800 of Schools Financial's 112,000 members was on the stolen server. The two companies worked over the weekend of July 23-25 to compile a list of affected members. On Monday, July 26, Schools Financial sent a letter to the members whose names, account numbers and Social Security numbers were in the server informing them of the theft. Jordan said the letter told members they will be given a free, one-year membership in the "credit manager" credit-monitoring product from Experian.
"This is an excellent product," Jordan said. "It sends members alerts if there are any inquiries, address changes or changes in credit status."
DeBellis said PSB has since moved personal data to a more centralized location. "In addition, we have incorporated military-level encryption software on all computers," he said.
At press time, PSB still was trying to determine the number of financial institutions whose members and customers might be affected. DeBellis said the number was no more than 20, and declined to identify them.
