THE MAILING FIASCO OF 2007
Immediately after beginning his appointment as President of Priority One Credit Union on January 1, 2007, President Charles R. Wiggington, Sr. incurred three major setbacks within the first three months of his administration. These were:
- The debacle with transferring information about Inland Counties FCU's members into Priority One's database
- The discovery that one of President Wiggington's hand-picked AVP's had been kiting- a federal offense; and
- The mailing of ballots to members in envelopes on whose exterior were printed account and social security numbers belong to members.
It was not only a disastrous start but possibly an omen of things to come. What's more, President Wiggington's decision to select an AVP who was kiting and his mailing of ballots in envelopes on whose exterior were printed member social and credit union account numbers were both entirely avoidable had he chosen to adhere to the credit union's established security protocols. Not only did he not comply, he refused to.
The 2007 Election
Each year, Priority One conducts elections to elect Directors and Supervisors to fill vacant seats on the Board of Directors and/or Supervisory Committee.
In 2007, the President ordered the IT Supervisor to create a disk on which were contained information about all active members in good standing. The information would be sent to the credit union's printing company who would create ballots that would be mailed to the list of members whose names were provided on the disk. Prior to Charles R. Wiggington, Sr.s appointment to President, a sample batch of envelopes containing ballots, were always given to the President who in those days was William E. Harris. Mr. Harris accompanied by the Director of Marketing, would review the sample batch to ensure there were no errors involving the intended mailing.
In 2007, this all changed when President Wiggington not only refused to review the disk containing information about the members who were to be sent ballots but he also refused to review the batch of sample ballots that were handed to him prior to the mailing. At the time, his excuse for refusing to review the sample ballots was simply, "I'm President, I don't do that." And so, ballots were mailed to members in envelopes on whose exterior were printed member account and social security numbers.
When news of the error reached the President he immediately denied all accountability and said the mistake had been caused by the IT Supervisor. The lazy Board, accepted the President's statements as fact without actually investigating the incident or speaking to the IT Supervisor and upon President Wiggington's advice, suspended the IT Supervisor instead of terminating him.
The President issued a letter to all members apologizing for the incident and offering every member a one-year free subscription to EQUIFAX. Members who accepted the offer, received alerts from EQUIFAX whenever activity occurred on their credit report. President Wiggington's very avoidable error cost the credit union more than $100,000 to rectify.
A few weeks following his suspension, the IT Supervisor resigned, embarrassed by the entire incident and only after realizing that President Wiggington used him as a scapegoat for a situation the President created. Here are some links we've located that pertain to the breach caused entirely by President Wiggington:
The following post, published on the Internet, was written by Steve Bass, a member of Priority One. The post is Mr. Bass' reaction to the breach caused by the credit union.
Priority One Credit Union's security breach 2007-05-31
I'm watching my credit union account like a hawk. That's because Priority One Credit Union -- the one I use -- had a security breach that was stunning.They recently sent election ballots to members. Printed on the outside of the envelope were some numbers. The first was our account number.
That might not have been enough to help with anyone intent on identity theft, so they also printed my social security number on the envelope.
I received a letter the other day. They told me they deeply regretted the inconvenience. Me, too.
I see it as much more than an inconvenience. I also doubt that their "top priority is my privacy and security," otherwise this wouldn't have happened.
The letter, from Charles R. Wiggington, Sr. CEO and President, goes on to say they "take the security of [my] information so seriously" that they plan to implement enhancements" to ensure this won't happen again. I think one enhancement ought to be the dismissal of the person who made the egregious error.
They're providing a one-year free Equifax subscription, a minimal response for such a substantial error. I think it ought to be a law that any agency guilty of a security breach should be forced to make a one-year commitment to help if the person becomes a victim of identify theft.
In the meantime, I'm keeping close watch on my account balance.