PALM SPRINGS, Calif.—A small credit union here is claiming it was the victim of a data breach after an NCUA examiner lost a flash drive filled with member information.
According to a letter to the members of $13 million Palm Springs FCU, the information was lost on or around Oct. 20 during an examination. The CU does not know if the drive has been "inadvertently destroyed or if it was acquired by an unauthorized person," according to the letter.
NCUA confirmed the loss of the flash drive, but said in an e-mail to Credit Union Journal that the drive did not include any members' passwords or PIN numbers. "NCUA has received no indication of any unauthorized access to members' accounts or attempts to gain unauthorized access," the e-mail said. The regulator is working with the CU to alert members to the situation, and complying with California state laws on the issue as well.
When asked if the examiner who lost the thumb drive is still employed by the agency, a spokesperson said he could not comment on personnel matters.
In a statement of its own, NAFCU didn't mince words.
"This is unacceptable," said NAFCU's president and CEO Dan Berger. "NCUA is a steward of credit unions' sensitive information and must be held to the highest standard for safeguarding such data. These types of errors have the ability to do great harm to credit unions' reputations and their members' financial well-being. We charge NCUA with taking all steps necessary to review their processes in a transparent way to ensure this type of mistake does not happen again."
CUNA's EVP and general counsel Eric Richard echoed those concerns.
"We are deeply concerned about this event," he said in a statement. "NCUA examiners are charged with promoting hte safety and soundness of credit unions, not putting it at risk. NCUA should conduct a thorough review of the situation to see what steps it can take to make sure that nothing like this happens again. Trust in the agency is at stake."
The breach at Palm Springs FCU comes less than one month after CUNA wrote a letter to the regulator calling on it to streamline the examination process by incorporating more technology.
The letter to Palm Springs FCU members offers instructions on what members can do to protect their accounts and monitor transactions. The credit union has also paid for one year of credit monitoring for its 1,580 members.
Credit Union Journal has reached out to Palm Springs FCU for comment but has not yet received a call back. This story will be updated as it develops.