Lost thumb drive causes breach at California Credit Union

Thumb drive

The Palm Springs Federal Credit Union recently notified an undisclosed number of members that a thumb drive containing their names, social security numbers and account numbers was lost.  The information was on a thumb drive as part of an audit process conducted by the National Credit Union Association, but the drive was lost and the current location of it is unknown. All impacted individuals were notified and offered a free year of identity protection services. Debbie  Pitigliano, CEO of Palm Springs Federal Credit Union wrote in a notification to customers that “We are currently unaware of any unauthorized access to member’s accounts or attempts to gain improper access.”

Stories like this are good reminders that organizations need a secure method of transferring large files. Here are a few things to be thinking about when it comes to large file transfer.

You need greater control over vendors 

There will be instances when working with a vendor such as an auditor that you may need to grant them access to confidential information. However, you need to maintain control while granting that access. Even had the external drive not been lost, the Palm Springs Credit Union still had no control over the data once it was in the auditor’s hands. With secure messaging with large file transfer, you can provide the information encrypted, password protected and with real-time tracking. You can also disable the forwarding and replying of the message that contains the information and recall it from the recipient’s inbox whenever you want without their permission.

The cost of a breach can be used to gain budget approval

It has become the norm for organizations that suffer a breach to offer affected customers a year of identity protection services. In the Palm Springs Credit Union case, we don’t know exactly how many people were affected but if it was an average sized breach that affected around 10,000 people, that’s a million dollar mistake not factoring in legal fees and employee time. As the cost of breaches continues to increase, that information should be presented to senior executives in order to gain budget approval for inexpensive tools that can prevent a breach from occurring in the first place.

External storage drives should be prohibited

There’s no reason to ever allow the use of risk-laden devices like thumb drives and external drives. In addition to being lost or stolen, they can be used to maliciously remove confidential information or can infect your network with malware. Secure Messaging with large file transfer can enable approved users to securely send a file of any size so you can explicitly prohibit external drives from your organization.

With cloud-based secure messaging and large file transfer solutions from Cirius, you can be live with users in minutes. Deployment does not impact your network. Users can send and receive secure messages and large files from their existing email inbox as well as from mobile and tablet devices. Sign up for a free trial to get started.

Image: 3D Data Security Chris Potter StockMonkeys.com 12.21.13