
Security Breach at EmigrantDirect

Posted December 6, 2006 – 3:06 pm by Yakov Shafranovich in Spam and Email

I had a high-interest savings account with EmigrantDirect for about 1 1/2 years. Around July of 2006, Emigrant switched their providers for online banking, resulting in a new interface for their website. Shortly after that switch, I began to get spam messages at the email address that was only used for EmigrantDirect before the switch. I contacted their old provider, MetaVante, who did a search of their systems and did not find any incidents. HOWEVER, when I contacted Emigrant, they confirmed the problem, as you can see from the email reply below:

Thank you for contacting EmigrantDirect. Kindly accept our apologies for any inconvenience these unsolicited emails may have caused you. We are aware of the situation and are currently investigating the matter. Please forward us a copy of those e-mails you are receiving to customerservice@emigrantdirect.com and we will escalate this matter to our security department for a proper investigation.

This means that somehow their customer information (including my account) was stolen sometime before the switch to their new system happened in July (maybe that’s why they switched?). Now the interesting question is that Emigrant is based in NY state, which has a mandatory reporting law, as seen in this form. I asked Emigrant whether they plan on doing so and got the following reply:

Thank you for contacting us. We have forwarded your email to our Legal Department.

Given that, aside from my email address, other sensitive information such as my social security number may have been stolen, I closed my account with them and moved over to HSBC. UNTIL THEY ARE MORE FORTHCOMING ON THE ISSUE, I RECOMMEND THAT EVERYONE SWITCH AWAY FROM THEM AS WELL. You never know what information they lost.

On a closing note, I am not the only one having this issue. Here are links to some of the other people who have seen this behavior as well:
o Motley Fool’s forums - 1, 2, and 3
o Comments at FiveCentNickel - see #2
o Ars Technica forums - here
o A post on BankDeals - here and comments here
o Comments on SlickDeals - here

This type of thing has happened before with AmeriTrade.

P.P.S. Spam samples available upon request.


2 Responses to “Security Breach at EmigrantDirect”

  2. I just decided to look at the e-mail headers in my Junk Mail folder and I too noticed a bunch of messages sent to an alias that I only gave to Emigrant Direct. I think that as soon as I have another account to move my money to I will also be closing my account. I’ve had other problems with them including a very difficult transition from that old system to the new one, and their inability to always credit my interest on the last day of the month (sometimes it’s the last day and others it’s the first of the next month). Their explanation for that one is quite flaky… something like “Our back end systems credit the interest on the last day of the month, but the front end web site isn’t updated till that night so it shows up as being credited on the first of the month. It shows up on your statement as the last day of the month because we know people will be upset and confused if they don’t see their interest credited on the last day of the month.” Darn Right I’m confused as to why your systems don’t match up and you don’t see this as a problem. I’m also afraid to set up a Transfer on Death beneficiary on my account, because their website makes it sound like I’ll have to close my account and open a new one if I ever want to change it, but one customer service rep says that’s not true, and another one says it is true… They can’t all agree on an answer to that one either.

    So yeah, they have their heads up their you know whats, and after this SPAM incident I think it’s time to start looking elsewhere.

    By Alex Carlock on Dec 19, 2006

  3. I have an EmigrantDirect account and have had nothing but problems with them. Their protection of confidential information is poor and their customer service is unresponsive.

    By John on Dec 26, 2006
