Perth Mint depository online data breach

Discussion of the Gold portion of the Permanent Portfolio

sophie
Executive Member
Posts: 3627
Joined: Mon Apr 23, 2012 7:15 pm

Re: Perth Mint depository online data breach

Post by sophie » Tue Jul 23, 2019 8:34 am

I got a response back: Depository Program no longer has minimums, so anyone can now use it. Nice, except that fees to purchase are high compared to Depository Online if your account is under $250K (2% with DP, vs. 0.5% with DO when you buy on a monthly schedule).

Since my login info, passport etc were part of the data breach, I'm wondering how much more secure I'd be in reality. Also, am asking them if they outsource security for DP as well....if so, then I wouldn't go for it. Otherwise, the extra purchase fee might be worth paying in exchange for extra security...what do you all think?

And yes I have some physical gold, and ETFs in tax-advantaged accounts. I wanted the international diversification.

dualstow
Executive Member
Posts: 10444
Joined: Wed Oct 27, 2010 10:18 am

Post by dualstow » Tue Jul 23, 2019 9:45 am

sophie wrote:
Tue Jul 23, 2019 8:34 am
Since my login info, passport etc were part of the data breach,
I gave my info to Kraken, passport info included, just to access the bitcoin that Marc gave away, and it didn't work. Oops. At least you have your gold.
RIP Charlie Daniels

sophie
Executive Member
Posts: 3627
Joined: Mon Apr 23, 2012 7:15 pm

Post by sophie » Wed Jul 24, 2019 6:04 pm

Possibly helpful response from Perth Mint:
The Depository Online utilises a very current and high security data storage service, unfortunately in this world we are unable to provide guarantee that a breach won’t be attempted in the future, but please be assured that we are actively doing everything we can to prevent this. Please know that all balances on the account are completely guaranteed by the Western Australian Government.

The data for the Depository Program is held “in house” and is not held with a third party.
Well...what do you all think? I'm still on the fence about whether paying the extra 1.5% commission is worth an extra level of safety. Good to know that they'll restore the account if something happens.

dualstow
Executive Member
Posts: 10444
Joined: Wed Oct 27, 2010 10:18 am

Post by dualstow » Wed Jul 24, 2019 9:19 pm

I think we should pay 0% for gold storage.
RIP Charlie Daniels

l82start
Global Moderator
Posts: 2460
Joined: Sun Apr 25, 2010 9:51 pm

Post by l82start » Wed Jul 24, 2019 10:09 pm

no monthly fees but...

Air Dive Package: $ 60
2 Alum 80 Air Tanks
BCD
Regulator/ Compass/ Gauge
Weights

at time of withdrawal..
O0
"Ghislaine Maxwell didn't kill herself"

“The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary.”
Belief is the death of intelligence. As soon as one believes a doctrine of any sort, or assumes certitude, one stops thinking about that aspect of existence

dualstow
Executive Member
Posts: 10444
Joined: Wed Oct 27, 2010 10:18 am

Post by dualstow » Thu Jul 25, 2019 9:17 am

l82start wrote:
Wed Jul 24, 2019 10:09 pm
no monthly fees but...

Air Dive Package: $ 60
2 Alum 80 Air Tanks
BCD
Regulator/ Compass/ Gauge
Weights

at time of withdrawal..
O0
And a bubble maker to discourage the sharks with frikkin laser beams on their heads.
RIP Charlie Daniels

ochotona
Executive Member
Posts: 3177
Joined: Fri Jan 30, 2015 5:54 am

Post by ochotona » Thu Jul 25, 2019 9:53 am

So the original data breach was 13 people, Sophie? What did you do to be in that auspicious group? Surely they have 1000s of clients.

Xan
Administrator
Posts: 2603
Joined: Tue Mar 13, 2012 1:51 pm

Post by Xan » Thu Jul 25, 2019 10:44 am

Also, why are they using this 3rd party to manage things if they already have the capability to manage things themselves?

sophie
Executive Member
Posts: 3627
Joined: Mon Apr 23, 2012 7:15 pm

Post by sophie » Fri Jul 26, 2019 7:38 am

ochotona wrote:
Thu Jul 25, 2019 9:53 am
So the original data breach was 13 people, Sophie? What did you do to be in that auspicious group? Surely they have 1000s of clients.
That's the first report, but later it turned out that thousands of accounts were compromised. It was anyone who had a Depository Online account open between certain dates. The compromise occurred with the company they outsourced their security to.

Xan I totally agree...if you're a mint you are all about airtight physical and electronic security. Why the heck would you even consider outsourcing it to a company with much less at stake than you have? I can understand hiring consultants to build a system, but no way would I be handing out lists of sensitive information to anyone not fully under the mint's oversight.

pmward
Executive Member
Posts: 1177
Joined: Thu Jan 24, 2019 4:39 pm

Post by pmward » Fri Jul 26, 2019 11:22 am

sophie wrote:
Fri Jul 26, 2019 7:38 am
ochotona wrote:
Thu Jul 25, 2019 9:53 am
So the original data breach was 13 people, Sophie? What did you do to be in that auspicious group? Surely they have 1000s of clients.
Xan I totally agree...if you're a mint you are all about airtight physical and electronic security. Why the heck would you even consider outsourcing it to a company with much less at stake than you have? I can understand hiring consultants to build a system, but no way would I be handing out lists of sensitive information to anyone not fully under the mint's oversight.
Being someone who works in the tech industry I can attest that this is easier said than done. The Perth Mint's expertise is... well... being a mint. They are not experts in web security. They would be more likely to screw it up than a third party company that specializes in this would. Moreover, it would also cost way more money, which means you would be paying more for a likely less secure platform. It sucks that their third party was compromised, but look how common that is these days? Even large companies and governments that have seemingly endless cash flows have fallen victim. It's a very tough problem to solve, because it is simply impossible to create an impenetrable system. This utopia does not exist, any time there are communications available there is room for exploitation. All "security" really does is just make it as much of a hassle as possible to crack the system. There's no crack proof system. It simply does not, nor will it ever, exist.

Xan
Administrator
Posts: 2603
Joined: Tue Mar 13, 2012 1:51 pm

Post by Xan » Fri Jul 26, 2019 11:38 am

sophie wrote:
Wed Jul 24, 2019 6:04 pm
The data for the Depository Program is held “in house” and is not held with a third party.
pmward, in general I agree with what you're saying. My question had more to do with the above. The data for their higher-priced offering is stored in house, and they outsource the data for "Depository Online". If they can run "Depository Program" in house, why not "Depository Online"? Or is "Depository Program" only available via phone or some such?

sophie
Executive Member
Posts: 3627
Joined: Mon Apr 23, 2012 7:15 pm

Post by sophie » Sat Jul 27, 2019 11:13 am

pmward - I did say I thought it reasonable for them to consult with an outside firm to build a secure system. Handing out customer information to a 3rd party is what I objected to.

Here's an example for you: my dept outsourced a specialized EMR development to a software development shop in India. I know first hand that the associated hospital's entire list of patients (names, DOB, SSN etc), going back decades, was exposed to that India group. In other words, they've got sensitive info for thousands of people. What do you think they might be doing with that info, not being duty bound by anything in particular to safeguard it? I complained at the time that they had no need to get that kind of info, but was overruled by the two-bit high school graduate idiot bureaucrat who I was supposed to suck up to, because that person was in administration and I was just a lowly professor with a degree in electrical engineering in addition to my MD.

Xan - correct, if you are in the Depository Program you have to conduct business by phone. There's no website. The data on your account is stored on a computer at Perth Mint with no external Internet connection. There's a password that you use to identify yourself when you call. Money transfers otherwise work the same as Depository Online: it goes to/from your linked bank account via wire.