topic Re: USAA Members: MUST READ in Credit Cards

[UPDATE] USAA Members: MUST READ

Anonymous — Wed, 10 Apr 2013 23:01:12 GMT

Today I discovered a major security flaw with USAA. I logged in to my account to "view documents" and lo and behold I had access to my documents and other USAA memebers' documents.

What??!!

Yep, USAA admitted faulty IT implementations that allowed all USAA members to view everyone else’s documents.

The concern is not only privacy but ID theft. I have Tax documents that show my full blown SSN. And other USAA members had access to that!! Are you F'ing kidding me?!

I called USAA immediately and they have since taken down the View Documents portion of the website.

I told them I was very very unhappy and very concerned. On Monday I will be requesting free Subscription to their CMS as restitution.

Watch your Credit Report Closely if you are a USAA Member.

[UPDATE]

From USAA:

"Please note there was a technical issue last weekend during a system upgrade in which some personal member information could possibly have been visible to another USAA member on USAA.com. We identified the error within one hour of its occurrence, and immediately retracted the information to limit exposure.

From the information we have gathered, there is no indication of any fraudulent activity related to this occurrence. Furthermore, we are taking precautions to prevent this from happening again. We did want to make you aware of the situation. In response to this incident, we are taking the appropriate steps to notify and protect the identification of the people whose information was made available.

The protection and security of our member’s personal information is our top priority"

Re: USAA Members: MUST READ

Anonymous — Sat, 30 Mar 2013 16:24:58 GMT

Lovely....

Re: USAA Members: MUST READ

Anonymous — Sat, 30 Mar 2013 16:33:38 GMT

@Anonymous wrote:
Lovely....

Yeah that’s what I would have said had I not been livid about the situation.

It amazes me that USAA would even allow this to happen. IT departments are suppose to run things in test environments before live rollouts.

I sense IT firings to come.

Re: USAA Members: MUST READ

09Lexie — Sat, 30 Mar 2013 16:49:59 GMT

I wonder if they are going to notify their customers.

Re: USAA Members: MUST READ

Anonymous — Sat, 30 Mar 2013 16:55:39 GMT

@Anonymous wrote:
@Anonymous wrote:
Lovely....
Yeah that’s what I would have said had I not been livid about the situation.

It amazes me that USAA would even allow this to happen. IT departments are suppose to run things in test environments before live rollouts.

I sense IT firings to come.

It's likely that the majority of their IT departmnet is outsourced with only the uppper levels of IT management being in-house. This makes for very minor if any level of accountability in most IT departments. The outsourcer simply states it as a bug for remediation and no it held accountable. If USAA wants to hold its outsourcer accountable, it simply ends the contract and gets another company. It could try to sue the outsourcer but that still won't change the level of accountability that their next outsourcing company is held to.

There is an intrinsic value to in housed IT departments that never sees the bottom line of a financial report.

Re: USAA Members: MUST READ

Anonymous — Sat, 30 Mar 2013 17:05:27 GMT

It shouldnt be a great deal but of course we deserve to be notified of this.

I dont know they have treated me good so far.Its not the banks fault rather IT's

Re: USAA Members: MUST READ

Anonymous — Sat, 30 Mar 2013 17:07:00 GMT

I remember I checked for documents early this morning and didn't see anything amiss - however you're correct, as of right now, their documents section at USAA has been taken down.

I would hope that the quality of your average USAA member would preclude most of us from doing anything wrong with any information that was accessible that wasn't supposed to be accessible.

But for sure everybody should keep a close eye on their credit reports. If you've printed documents already, take a look at your documents and see what information is printed on those. That will give you a good idea of what information somebody else might have seen about you and your accounts.

There's no doubt that USAA is going to take care of this and figure out what happened, who saw what, and take measures to compensate members in some way. I have no doubt in my mind as well that if you ask for credit monitoring or something, USAA probably will accomodate you and pick up the tab for it!

But good looking out for the rest of us and THANKS for posting this information! Otherwise, I might not have known about this as soon as I did (thanks to you)!

Re: USAA Members: MUST READ

Anonymous — Sat, 30 Mar 2013 17:11:49 GMT

Fast side note:

If you log into your USAA accounts anybody see this message from them at the top of your accounts page?

Due to system maintenance some account information and access to documents may be unavailable.

They're calling it "system maintenance" and not a security breach/error.

That's interesting....

Re: USAA Members: MUST READ

LS2982 — Sat, 30 Mar 2013 17:17:48 GMT

Wow.....

I'd be livid. I was not impressed at all with them last year just getting an account started. Thats insane.

Re: USAA Members: MUST READ

kevinjjc — Sat, 30 Mar 2013 17:57:25 GMT

Thanks for the heads up!

Re: USAA Members: MUST READ

Anonymous — Sat, 30 Mar 2013 18:49:34 GMT

Great! I am checking it out now.

Thanks for the heads up.

Re: USAA Members: MUST READ

Anonymous — Sat, 30 Mar 2013 18:55:22 GMT

These sorts of things happen quite frequently, (and often don't make the news), either a programming error as is probably the case here, or data compromise because of hacking. In reality, it's probably best to think of all data that is online as potentially accessible to bad actors. Of course, going off-net is too inconvenient for most, so the rewards probably outweigh this risks.

This is why I never trust consolidation sites (which can login to your other accounts). Despite all the assurances given by those sites, a single breach gives access to way too much.

Re: USAA Members: MUST READ

webhopper — Sat, 30 Mar 2013 19:02:38 GMT

My husband and I got frustrated last year while getting signed up, I don't know If we sent them documents or not. Hopefully not!

Re: USAA Members: MUST READ

Anonymous — Sat, 30 Mar 2013 20:11:01 GMT

Anybody else want to give the tax returns to Amex?

This is why many of us don't trust the lenders with our privacy.I get it that they lend us the money but not their ssn an not their id's

I am really upset cause i have send them my very sensitive docs but i trust that they will do the right thing on this

Comon guys USAA is a Great Lender and we all know that.Lets give them a break

We all make mistakes and they are also human beings

Re: USAA Members: MUST READ

jamesdwi — Sat, 30 Mar 2013 20:23:01 GMT

It's saturday, they notified IT, they put in and got approved for an emergency change request to get the problem resolved, they will circle the wagons on monday, get internal security, internal auditors, and upper level management, possibly internal lawers as well and make a decisiojn on how to proceed.

Re: USAA Members: MUST READ

scenery_guy — Sat, 30 Mar 2013 23:00:59 GMT

@Anonymous wrote:
Anybody else want to give the tax returns to Amex?

This is why many of us don't trust the lenders with our privacy.I get it that they lend us the money but not their ssn an not their id's
I am really upset cause i have send them my very sensitive docs but i trust that they will do the right thing on this

Comon guys USAA is a Great Lender and we all know that.Lets give them a break
We all make mistakes and they are also human beings

That's a little melodramatic isn't it? You put your SSN on every credit card application you submit. Do you think they just vanish once approved or declined? Same with auto loans. Same with mortgages. Same with employment applications. Background checks too. Get the point? It's not your privacy it's a 9 digit identification number that everyone uses all the time. If you are that worried lock down all three reports, pay for monitoring and sleep a little better.

Enough with the "give AMEX your tax return" rhetoric until someone can show proof that this "vital private information" has been misused or compromised by AMEX similar to the shoddy data management like USAA.

I would not cut USAA a break at all but I don't have a relationship with them either.

Re: USAA Members: MUST READ

Anonymous — Sat, 30 Mar 2013 23:06:26 GMT

I have checked my USAA documents section quite a bit recently and this must be a new glitch because I have only been allowed access to my documents. I will go back and check today and see what is up

Re: USAA Members: MUST READ

Anonymous — Sat, 30 Mar 2013 23:22:43 GMT

@scenery_guy wrote:
@Anonymous wrote:
Anybody else want to give the tax returns to Amex?

This is why many of us don't trust the lenders with our privacy.I get it that they lend us the money but not their ssn an not their id's
I am really upset cause i have send them my very sensitive docs but i trust that they will do the right thing on this

Comon guys USAA is a Great Lender and we all know that.Lets give them a break
We all make mistakes and they are also human beings
That's a little melodramatic isn't it? You put your SSN on every credit card application you submit. Do you think they just vanish once approved or declined? Same with auto loans. Same with mortgages. Same with employment applications. Background checks too. Get the point? It's not your privacy it's a 9 digit identification number that everyone uses all the time. If you are that worried lock down all three reports, pay for monitoring and sleep a little better.

Enough with the "give AMEX your tax return" rhetoric until someone can show proof that this "vital private information" has been misused or compromised by AMEX similar to the shoddy data management like USAA.

I would not cut USAA a break at all but I don't have a relationship with them either.

Yes, it's not the SSN that is the issue with the tax return, it's all the other information that has been discussed here many times. Some don't see an issue, others do, and more discussion probably won't move things forward!

I agree with not giving USAA a break for being a great lender (as extreme hyperbole, compare with "Hitler was kind to his dog") but similar to your statement with Amex, we could wait and see if there is any harm.

But with Amex, when a lender asks for "too much" (IMO) I don't need to wait for proof of harm to decide not to agree, and Amex then has the right to close my account by saying "but this is the information we need".

Re: USAA Members: MUST READ

charleeislegend — Sat, 30 Mar 2013 23:29:56 GMT

I'm not too worried, all i have are my checking account statements in my documents. If anyone with malicious intent got those, i dont think they can do anything with them except know where i deposit my money haha

Re: USAA Members: MUST READ

Mddlrthr2 — Sat, 30 Mar 2013 23:53:05 GMT

I just checked MY Documents and can only see my documents. I've only been a member for two months. Thanks for the heads-up!