The limited personal and financial data of nearly 86,000 Bethpage Federal Credit Union members were erroneously posted for a month on the Internet by a former employee, but that has not resulted in any fraud, its president and chief operating officer told media outlets Tuesday.
The announcement from Kirk Kordeleski, head of BFCU—the largest in the Northeast—accompanied letters, emails and phone calls to members regarding the leak, which is the first of its kind in the $4.8 billion credit union’s history. The blunder will cost BFCU $1-$2 million to remedy.
Only Visa debit card holders were affected, Kordeleski said, and the information that made it onto an unsecured website included those members’ names, addresses, dates of birth, expiration dates of cards, checking and savings account numbers. He stressed that it did not include affected members’ Social Security numbers, pin numbers or three-digit security codes (known as a CVV on the back of cards), and that no fraud has been detected.
“This is a data leak,” he explained. “It’s not a hack. No firewall was broken on our core system, no data was stolen in a way that you normally hear about these things. Someone literally posted something they shouldn’t to a website.
“We will guarantee that no one will lose money,” he added.
According to Kordeleski, the credit union was alerted to the mistake by the son of an employee who had discovered his information online after performing a Google search on himself. The file was taken down immediately, says the credit union head, and two security firms were hired to investigate the snafu. A female employee who had made the error subsequently resigned.
The credit union’s letter to members, which was also posted on its website, stated that in addition to standard fraud protection measures, fraud monitoring was placed on members’ accounts and debit cards.
All current members with a VISA debit card will have it replaced with a MasterCard debit card before June 30. BFCU is also offering individual credit monitoring at its expense for one year.
Kordeleski encouraged members with additional questions to call 800-628-7070 and press “Option 6” for additional information or also go to Bethpage Federal Credit Union’s website: www.bethpagefcu.com.
“We feel terrible about this,” he added. “We want our members to be aware, be safe and understand the issue that’s in front of them. We take everyone’s security and personal information, confidentiality, very seriously.”