We had some courier bags stolen last week which contained checks from other financial instutions and loan applications.

We are not convinced that this is not a internal courier theft. However, a police report has been filed. Does anyone know what our responsbilites are in notifying people?

Based on my research, I discovered that financials can determine the need to notfity members/customers based on the risk of indentity theft. Of course, the loan applicats have been notified but does anyone know what our responsibilites are to the other financials the check were drawn from? i am assuming that GLB and the privacy act would keep us from provide that information.

TIA! Sorry so long

A similar situation occurred at a bank in Oklahoma. We were contacted by the bank and given a list of the checks that were stolen.

We then contacted our own customers and had them close their accounts.

A safe assumption is that a theft is dangerous. The account numbers collected are at high risk for account take-overs, counterfeits, etc.

When in Doubt do the right thing and contact them. Its hard to swallow sometimes but honesty is always the best in the end.

These are the guidelines I used to create notices of security breaches to our customers:

Customer notification must be timely, clear and conspicuous and delivered in a manner that will ensure the customer is likely to receive it. The notification may be by phone or mail or if the customer agrees, electronic notice may be given.

The notice will:
• Describe the incident;
• Indicate the customer’s information that was possibly compromised;
• Provide a telephone number for the customer to call for additional information;
• Remind the customer to be alert for the next 12-24 months and promptly report any incidents of suspected identity theft;
• Inform the customer the bank will assist in correcting and updating any information in any consumer report, as required by the FCRA;
• Recommend that the customer notify each nationwide credit reporting agency to place a fraud alert in the customers consumer report;
• Recommend the customer periodically obtain and review credit reports;
• Inform the customer of the right to obtain a free credit report if the customer has reason to believe their report may contain fraudulent information; and
• Inform the customer of the Federal Trade Commission’s online guidance regarding prevention of identity theft.

The notice may:
• Provide a toll free telephone number for customer contact;
• Offer to assist the customer in notifying credit reporting agencies; and/or
• Inform the customer of subscription services that will notify the customer anytime there is a request for their credit report or offer to subscribe the customer to this service free of charge, for a period of time.

Include a statement such as the following at the top of the notice:

"This is not an advertisement for a product or service. Please read this entire letter as it contains important information on protecting your identity."


Be sure to copy notice along with instructions for corrective action support to Customer Support and Call Center personnel.


REPORT ALL SECURITY BREACH INCIDENTS TO BOARD.

REPORT TO REGULATOR IF BREACH INVOLVES SENSITIVE CUSTOMER INFORMATION*.

*Sensitive Customer Information: Customer’s name, address, or telephone number, in conjunction with: 1) SSN; 2) Driver’s License number; 3) Account number; 4) Credit or Debit card number; or, 5) PIN number, or; password or any combination of information allowing someone to log onto or access the customer’s account, such as user name and password or password and account number.