Perth Mint depository online data breach

Discussion of the Gold portion of the Permanent Portfolio

Moderator: Global Moderator

User avatar
dualstow
Executive Member
Executive Member
Posts: 14233
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Tue Sep 18, 2018 1:48 pm

Xan wrote:
Tue Sep 18, 2018 12:14 pm
Pay cash at a local coin shop.
I think I might sell a coin at a time for cash one day*, but carrying cash in the city brings its own risks. I never carry more than $100, let alone the $1200 I'd need today for an ounce of gold bullion.

*In the future, if I'm lucky enough to sell a coin for, say, $2000..Hmm, I'd probably accept a check.
Sam Bankman-Fried sentenced to 25 years
User avatar
jhogue
Executive Member
Executive Member
Posts: 755
Joined: Wed Jun 28, 2017 10:47 am

Re: Perth Mint depository online data breach

Post by jhogue » Wed Sep 19, 2018 11:06 am

Pugchief,

Did you consciously decide at some point not to hold physical gold? Or, is it perhaps the consequence of the tax structure of your investment portfolio?
“Groucho Marx wrote:
A stock trader asked him, "Groucho, where do you put all your money?" Groucho was said to have replied, "In Treasury bonds", and the trader said, "You can't make much money on those." Groucho said, "You can if you have enough of them!"
User avatar
dualstow
Executive Member
Executive Member
Posts: 14233
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Wed Sep 19, 2018 1:36 pm

MangoMan wrote:
Wed Sep 19, 2018 12:51 pm
...
And what makes anyone think the Perth Mint is somehow safer than an ETF?
I don't think it's safer, but I like it better. Or, I did, rather. While I applaud them for being up front about the breach -- I'm looking at you, Marissa Mayer -- they are no longer on my list of possible storage solutions. I *would* buy coins from them, though.
Sam Bankman-Fried sentenced to 25 years
User avatar
dualstow
Executive Member
Executive Member
Posts: 14233
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Sat Jul 20, 2019 1:31 pm

Any update on this, Sophie? Have things gotten better or worse? The same?
Sam Bankman-Fried sentenced to 25 years
User avatar
sophie
Executive Member
Executive Member
Posts: 1959
Joined: Mon Apr 23, 2012 7:15 pm

Re: Perth Mint depository online data breach

Post by sophie » Sun Jul 21, 2019 7:45 am

No info has been forthcoming and I doubt there will be anything. I wrote to them and got a snippy letter back that said I was welcome to take my business elsewhere if I wasn't happy with their security practices. I guess that means they will continue to outsource their Depository Online website & security.

I'm still not sure what to do, but I suspect that compared to private bullion services like Goldmoney or Texas Depository, they're neither more nor less safe. Their depository program is much safer than Depository Online, because it's managed on a computer with no internet access and you have to place a phone call to make purchases or withdrawals. They used to specify a minimum opening balance for the depository program, but I can't find it on the website? Wonder if that means they no longer hold you to a minimum?? Guess I'll have to ask them.
User avatar
dualstow
Executive Member
Executive Member
Posts: 14233
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Sun Jul 21, 2019 10:20 am

A snippy letter back, eh? (sigh) I guess there is no perfect solution for physical.
And I don’t want etf’s. I’d rather not own gold at all than have just etf’s.
Thanks just the same for the follow-up.
Sam Bankman-Fried sentenced to 25 years
User avatar
Kriegsspiel
Executive Member
Executive Member
Posts: 4052
Joined: Sun Sep 16, 2012 5:28 pm

Re: Perth Mint depository online data breach

Post by Kriegsspiel » Sun Jul 21, 2019 10:39 am

dualstow wrote:
Sun Jul 21, 2019 10:20 am
A snippy letter back, eh? (sigh) I guess there is no perfect solution for physical.
And I don’t want etf’s. I’d rather not own gold at all than have just etf’s.
Thanks just the same for the follow-up.
Why don't you just buy some coins and keep them in your home?
You there, Ephialtes. May you live forever.
User avatar
dualstow
Executive Member
Executive Member
Posts: 14233
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Sun Jul 21, 2019 10:45 am

Kriegsspiel wrote:
Sun Jul 21, 2019 10:39 am
dualstow wrote:
Sun Jul 21, 2019 10:20 am
A snippy letter back, eh? (sigh) I guess there is no perfect solution for physical.
And I don’t want etf’s. I’d rather not own gold at all than have just etf’s.
Thanks just the same for the follow-up.
Why don't you just buy some coins and keep them in your home?
I do. Some there, some at my dad’s — he already has his own numismatics there or I wouldn’t expose him — and some at the bank.
Sam Bankman-Fried sentenced to 25 years
User avatar
Kriegsspiel
Executive Member
Executive Member
Posts: 4052
Joined: Sun Sep 16, 2012 5:28 pm

Re: Perth Mint depository online data breach

Post by Kriegsspiel » Sun Jul 21, 2019 2:24 pm

Oh ok, the way you said it it...
You there, Ephialtes. May you live forever.
User avatar
dualstow
Executive Member
Executive Member
Posts: 14233
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Sun Jul 21, 2019 5:31 pm

Kriegsspiel wrote:
Sun Jul 21, 2019 2:24 pm
Oh ok, the way you said it it...
There is no comfort, no ideal, but I’m making do.
First World Problem, yes. O0
Sam Bankman-Fried sentenced to 25 years
User avatar
sophie
Executive Member
Executive Member
Posts: 1959
Joined: Mon Apr 23, 2012 7:15 pm

Re: Perth Mint depository online data breach

Post by sophie » Tue Jul 23, 2019 8:34 am

I got a response back: Depository Program no longer has minimums, so anyone can now use it. Nice, except that fees to purchase are high compared to Depository Online if your account is under $250K (2% with DP, vs. 0.5% with DO when you buy on a monthly schedule).

Since my login info, passport etc were part of the data breach, I'm wondering how much more secure I'd be in reality. Also, am asking them if they outsource security for DP as well....if so, then I wouldn't go for it. Otherwise, the extra purchase fee might be worth paying in exchange for extra security...what do you all think?

And yes I have some physicial gold, and ETFs in tax-advantaged accounts. I wanted the international diversification.
User avatar
dualstow
Executive Member
Executive Member
Posts: 14233
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Tue Jul 23, 2019 9:45 am

sophie wrote:
Tue Jul 23, 2019 8:34 am
Since my login info, passport etc were part of the data breach,
I gave my info to Kraken, passport info included, just to access the bitcoin that Marc gave away, and it didn't work. Oops. At least you have your gold.
Sam Bankman-Fried sentenced to 25 years
User avatar
sophie
Executive Member
Executive Member
Posts: 1959
Joined: Mon Apr 23, 2012 7:15 pm

Re: Perth Mint depository online data breach

Post by sophie » Wed Jul 24, 2019 6:04 pm

Possibly helpful response from Perth Mint:
The Depository Online utilises a very current and high security data storage service, unfortunately in this world we are unable to provide guarantee that a breach won’t be attempted in the future, but please be assured that we are actively doing everything we can to prevent this. Please know that all balances on the account are completely guaranteed by the Western Australian Government.

The data for the Depository Program is held “in house” and is not held with a third party.
Well...what do you all think? I'm still on the fence about whether paying the extra 1.5% commission is worth an extra level of safety. Good to know that they'll restore the account if something happens.
User avatar
dualstow
Executive Member
Executive Member
Posts: 14233
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Wed Jul 24, 2019 9:19 pm

I think we should pay 0% for gold storage.
Sam Bankman-Fried sentenced to 25 years
User avatar
l82start
Global Moderator
Global Moderator
Posts: 1291
Joined: Sun Apr 25, 2010 9:51 pm

Re: Perth Mint depository online data breach

Post by l82start » Wed Jul 24, 2019 10:09 pm

no monthly fees but...

Air Dive Package: $ 60
2 Alum 80 Air Tanks
BCD
Regulator/ Compass/ Gauge
Weights

at time of withdrawal..
O0
-Government 2020+ - a BANANA REPUBLIC - if you can keep it

-Belief is the death of intelligence. As soon as one believes a doctrine of any sort, or assumes certitude, one stops thinking about that aspect of existence
User avatar
dualstow
Executive Member
Executive Member
Posts: 14233
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Thu Jul 25, 2019 9:17 am

l82start wrote:
Wed Jul 24, 2019 10:09 pm
no monthly fees but...

Air Dive Package: $ 60
2 Alum 80 Air Tanks
BCD
Regulator/ Compass/ Gauge
Weights

at time of withdrawal..
O0
And a bubble maker to discourage the sharks with frikkin laser beams on their heads.
Sam Bankman-Fried sentenced to 25 years
User avatar
ochotona
Executive Member
Executive Member
Posts: 3353
Joined: Fri Jan 30, 2015 5:54 am

Re: Perth Mint depository online data breach

Post by ochotona » Thu Jul 25, 2019 9:53 am

So the original data breach was 13 people, Sophie? What did you do to be in that auspicious group? Surely they have 1000s of clients.
User avatar
Xan
Administrator
Administrator
Posts: 4393
Joined: Tue Mar 13, 2012 1:51 pm

Re: Perth Mint depository online data breach

Post by Xan » Thu Jul 25, 2019 10:44 am

Also, why are they using this 3rd party to manage things if they already have the capability to manage things themselves?
User avatar
sophie
Executive Member
Executive Member
Posts: 1959
Joined: Mon Apr 23, 2012 7:15 pm

Re: Perth Mint depository online data breach

Post by sophie » Fri Jul 26, 2019 7:38 am

ochotona wrote:
Thu Jul 25, 2019 9:53 am
So the original data breach was 13 people, Sophie? What did you do to be in that auspicious group? Surely they have 1000s of clients.
That's the first report, but later it turned out that thousands of accounts were compromised. It was anyone who had a Depository Online account open between certain dates. The compromise occurred with the company they outsourced their security to.

Xan I totally agree...if you're a mint you are all about airtight physical and electronic security. Why the heck would you even consider outsourcing it to a company with much less at stake than you have? I can understand hiring consultants to build a system, but no way would I be handing out lists of sensitive information to anyone not fully under the mint's oversight.
pmward
Executive Member
Executive Member
Posts: 1731
Joined: Thu Jan 24, 2019 4:39 pm

Re: Perth Mint depository online data breach

Post by pmward » Fri Jul 26, 2019 11:22 am

sophie wrote:
Fri Jul 26, 2019 7:38 am
ochotona wrote:
Thu Jul 25, 2019 9:53 am
So the original data breach was 13 people, Sophie? What did you do to be in that auspicious group? Surely they have 1000s of clients.
Xan I totally agree...if you're a mint you are all about airtight physical and electronic security. Why the heck would you even consider outsourcing it to a company with much less at stake than you have? I can understand hiring consultants to build a system, but no way would I be handing out lists of sensitive information to anyone not fully under the mint's oversight.
Being someone who works in the tech industry I can attest that this is easier said than done. The Perth Mint's expertise is... well... being a mint. They are not experts in web security. They would be more likely to screw it up than a third party company that specializes in this would. Moreover, it would also cost way more money, which means you would be paying more for a likely less secure platform. It sucks that their third party was compromised, but look how common that is these days? Even large companies and governments that have seemingly endless cash flows have fallen victim. It's a very tough problem to solve, because it is simply impossible to create an impenetrable system. This utopia does not exist, any time there are communications available there is room for exploitation. All "security" really does is just make it as much of a hassle as possible to crack the system. There's no crack proof system. It simply does not, nor will it ever, exist.
User avatar
Xan
Administrator
Administrator
Posts: 4393
Joined: Tue Mar 13, 2012 1:51 pm

Re: Perth Mint depository online data breach

Post by Xan » Fri Jul 26, 2019 11:38 am

sophie wrote:
Wed Jul 24, 2019 6:04 pm
The data for the Depository Program is held “in house” and is not held with a third party.
pmward, in general I agree with what you're saying. My question had more to do with the above. The data for their higher-priced offering is stored in house, and they outsource the data for "Depository Online". If they can run "Depository Program" in house, why not "Depository Online"? Or is "Depository Program" only available via phone or some such?
User avatar
sophie
Executive Member
Executive Member
Posts: 1959
Joined: Mon Apr 23, 2012 7:15 pm

Re: Perth Mint depository online data breach

Post by sophie » Sat Jul 27, 2019 11:13 am

pmward - I did say I thought it reasonable for them to consult with an outside firm to build a secure system. Handing out customer information to a 3rd party is what I objected to.

Here's an example for you: my dept outsourced a specialized EMR development to a software development shop in India. I know first hand that the associated hospital's entire list of patients (names, DOB, SSN etc), going back decades, was exposed to that India group. In other words, they've got sensitive info for thousands of people. What do you think they might be doing with that info, not being duty bound by anything in particular to safeguard it? I complained at the time that they had no need to get that kind of info, but was overruled by the two-bit high school graduate idiot bureaucrat who I was supposed to suck up to, because that person was in administration and I was just a lowly professor with a degree in electrical engineering in addition to my MD.

Xan - correct, if you are in the Depository Program you have to conduct business by phone. There's no website. The data on your account is stored on a computer at Perth Mint with no external Internet connection. There's a password that you use to identify yourself when you call. Money transfers otherwise work the same as Depository Online: it goes to/from your linked bank account via wire.
User avatar
Xan
Administrator
Administrator
Posts: 4393
Joined: Tue Mar 13, 2012 1:51 pm

Re: Perth Mint depository online data breach

Post by Xan » Sat Jul 27, 2019 2:37 pm

sophie wrote:
Sat Jul 27, 2019 11:13 am
Xan - correct, if you are in the Depository Program you have to conduct business by phone. There's no website. The data on your account is stored on a computer at Perth Mint with no external Internet connection. There's a password that you use to identify yourself when you call. Money transfers otherwise work the same as Depository Online: it goes to/from your linked bank account via wire.
Well, that makes some sense then.

Sophie, you're a EE also? EEs are big in my family. I majored in computer engineering, which is just different enough for them all to make fun of me as a "5 volt engineer". Once we were all at a park in Memphis where there was a big gondola cable car station, and a sign that said "Danger: 1,000,000 volts". I contemplated it for a moment and said, "well, it's gotta be a one!"
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Perth Mint depository online data breach

Post by vnatale » Mon Jan 27, 2020 11:05 am

MangoMan wrote:
Wed Sep 19, 2018 12:51 pm
jhogue wrote:
Wed Sep 19, 2018 11:06 am
Pugchief,

Did you consciously decide at some point not to hold physical gold? Or, is it perhaps the consequence of the tax structure of your investment portfolio?
Yes, I consciously chose not to hold any physical. The transaction fees, premiums, and ridiculous hassle of storage are more of a headache than the (in my opinion) infinitesimal risk of Gold ETFs. And what makes anyone think the Perth Mint is somehow safer than an ETF? Globally diversified, yes, but if the US goes down the rabbit hole, Europe and Australia are not far behind, unless of course they are in front!



I'm assume you'd write all the same today?

VInny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Perth Mint depository online data breach

Post by vnatale » Mon Jan 27, 2020 11:10 am

sophie wrote:
Sat Jul 27, 2019 11:13 am
pmward - I did say I thought it reasonable for them to consult with an outside firm to build a secure system. Handing out customer information to a 3rd party is what I objected to.

Here's an example for you: my dept outsourced a specialized EMR development to a software development shop in India. I know first hand that the associated hospital's entire list of patients (names, DOB, SSN etc), going back decades, was exposed to that India group. In other words, they've got sensitive info for thousands of people. What do you think they might be doing with that info, not being duty bound by anything in particular to safeguard it? I complained at the time that they had no need to get that kind of info, but was overruled by the two-bit high school graduate idiot bureaucrat who I was supposed to suck up to, because that person was in administration and I was just a lowly professor with a degree in electrical engineering in addition to my MD.

Xan - correct, if you are in the Depository Program you have to conduct business by phone. There's no website. The data on your account is stored on a computer at Perth Mint with no external Internet connection. There's a password that you use to identify yourself when you call. Money transfers otherwise work the same as Depository Online: it goes to/from your linked bank account via wire.


Just finished reading all the posts in the Topic.

What is your personal update regarding Perth? You still using them? Was this resolved to your satisfaction? Or, has this left some form of lingering dissatisfaction with them?

Vinny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
Post Reply