Vermont credit union discards unencrypted data of 85,000

Share this article:

Two unencrypted backup tapes from Vermont's largest credit union, the Montpelier-based Vermont State Employees Credit Union, are believed to have been accidentally thrown away.

How many victims? Up to 85,000 credit union members.

What type of personal information? Names, Social Security numbers, driver's license numbers, addresses, account information and transaction records.

What happened? The tapes were discovered missing during an inventory check in September. An internal investigation led credit union officials to believe the data had been thrown away.

What was the response? Notification letters were sent to customers Wednesday. The financial institution is providing one year of free year credit monitoring to victims. The credit union also set up a temporary call center for customers with questions.

Details: There have been no cases, so far, of customers reporting fraud due to the incident.

Quote: “[T]here was no indication of a crime, and no indication this information was used and every indication it was thrown out in the trash and is in the landfill,” Steve Post, the credit union's CEO.

A similar breach happened at TD Bank in March, where customers were notified that two backup tapes containing their personal data had been lost -- six months after the fact.

Source:, VSECU data for 85,000 customers ends up in landfill,” Oct. 24, 2012.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters



More in The Data Breach Blog

Transcript website flaw exposed personal data on 98k users expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.