Perth Mint depository online data breach
Moderator: Global Moderator
- dualstow
- Executive Member
- Posts: 14298
- Joined: Wed Oct 27, 2010 10:18 am
- Location: synagogue of Satan
- Contact:
Re: Perth Mint depository online data breach
I think we should pay 0% for gold storage.
Re: Perth Mint depository online data breach
no monthly fees but...
Air Dive Package: $ 60
2 Alum 80 Air Tanks
BCD
Regulator/ Compass/ Gauge
Weights
at time of withdrawal..
Air Dive Package: $ 60
2 Alum 80 Air Tanks
BCD
Regulator/ Compass/ Gauge
Weights
at time of withdrawal..
-Government 2020+ - a BANANA REPUBLIC - if you can keep it
-Belief is the death of intelligence. As soon as one believes a doctrine of any sort, or assumes certitude, one stops thinking about that aspect of existence
-Belief is the death of intelligence. As soon as one believes a doctrine of any sort, or assumes certitude, one stops thinking about that aspect of existence
Re: Perth Mint depository online data breach
So the original data breach was 13 people, Sophie? What did you do to be in that auspicious group? Surely they have 1000s of clients.
Re: Perth Mint depository online data breach
Also, why are they using this 3rd party to manage things if they already have the capability to manage things themselves?
Re: Perth Mint depository online data breach
That's the first report, but later it turned out that thousands of accounts were compromised. It was anyone who had a Depository Online account open between certain dates. The compromise occurred with the company they outsourced their security to.
Xan I totally agree...if you're a mint you are all about airtight physical and electronic security. Why the heck would you even consider outsourcing it to a company with much less at stake than you have? I can understand hiring consultants to build a system, but no way would I be handing out lists of sensitive information to anyone not fully under the mint's oversight.
Re: Perth Mint depository online data breach
Being someone who works in the tech industry I can attest that this is easier said than done. The Perth Mint's expertise is... well... being a mint. They are not experts in web security. They would be more likely to screw it up than a third party company that specializes in this would. Moreover, it would also cost way more money, which means you would be paying more for a likely less secure platform. It sucks that their third party was compromised, but look how common that is these days? Even large companies and governments that have seemingly endless cash flows have fallen victim. It's a very tough problem to solve, because it is simply impossible to create an impenetrable system. This utopia does not exist, any time there are communications available there is room for exploitation. All "security" really does is just make it as much of a hassle as possible to crack the system. There's no crack proof system. It simply does not, nor will it ever, exist.sophie wrote: ↑Fri Jul 26, 2019 7:38 amXan I totally agree...if you're a mint you are all about airtight physical and electronic security. Why the heck would you even consider outsourcing it to a company with much less at stake than you have? I can understand hiring consultants to build a system, but no way would I be handing out lists of sensitive information to anyone not fully under the mint's oversight.
Re: Perth Mint depository online data breach
pmward, in general I agree with what you're saying. My question had more to do with the above. The data for their higher-priced offering is stored in house, and they outsource the data for "Depository Online". If they can run "Depository Program" in house, why not "Depository Online"? Or is "Depository Program" only available via phone or some such?
Re: Perth Mint depository online data breach
pmward - I did say I thought it reasonable for them to consult with an outside firm to build a secure system. Handing out customer information to a 3rd party is what I objected to.
Here's an example for you: my dept outsourced a specialized EMR development to a software development shop in India. I know first hand that the associated hospital's entire list of patients (names, DOB, SSN etc), going back decades, was exposed to that India group. In other words, they've got sensitive info for thousands of people. What do you think they might be doing with that info, not being duty bound by anything in particular to safeguard it? I complained at the time that they had no need to get that kind of info, but was overruled by the two-bit high school graduate idiot bureaucrat who I was supposed to suck up to, because that person was in administration and I was just a lowly professor with a degree in electrical engineering in addition to my MD.
Xan - correct, if you are in the Depository Program you have to conduct business by phone. There's no website. The data on your account is stored on a computer at Perth Mint with no external Internet connection. There's a password that you use to identify yourself when you call. Money transfers otherwise work the same as Depository Online: it goes to/from your linked bank account via wire.
Here's an example for you: my dept outsourced a specialized EMR development to a software development shop in India. I know first hand that the associated hospital's entire list of patients (names, DOB, SSN etc), going back decades, was exposed to that India group. In other words, they've got sensitive info for thousands of people. What do you think they might be doing with that info, not being duty bound by anything in particular to safeguard it? I complained at the time that they had no need to get that kind of info, but was overruled by the two-bit high school graduate idiot bureaucrat who I was supposed to suck up to, because that person was in administration and I was just a lowly professor with a degree in electrical engineering in addition to my MD.
Xan - correct, if you are in the Depository Program you have to conduct business by phone. There's no website. The data on your account is stored on a computer at Perth Mint with no external Internet connection. There's a password that you use to identify yourself when you call. Money transfers otherwise work the same as Depository Online: it goes to/from your linked bank account via wire.
Re: Perth Mint depository online data breach
Well, that makes some sense then.sophie wrote: ↑Sat Jul 27, 2019 11:13 amXan - correct, if you are in the Depository Program you have to conduct business by phone. There's no website. The data on your account is stored on a computer at Perth Mint with no external Internet connection. There's a password that you use to identify yourself when you call. Money transfers otherwise work the same as Depository Online: it goes to/from your linked bank account via wire.
Sophie, you're a EE also? EEs are big in my family. I majored in computer engineering, which is just different enough for them all to make fun of me as a "5 volt engineer". Once we were all at a park in Memphis where there was a big gondola cable car station, and a sign that said "Danger: 1,000,000 volts". I contemplated it for a moment and said, "well, it's gotta be a one!"
- vnatale
- Executive Member
- Posts: 9483
- Joined: Fri Apr 12, 2019 8:56 pm
- Location: Massachusetts
- Contact:
Re: Perth Mint depository online data breach
MangoMan wrote: ↑Wed Sep 19, 2018 12:51 pmYes, I consciously chose not to hold any physical. The transaction fees, premiums, and ridiculous hassle of storage are more of a headache than the (in my opinion) infinitesimal risk of Gold ETFs. And what makes anyone think the Perth Mint is somehow safer than an ETF? Globally diversified, yes, but if the US goes down the rabbit hole, Europe and Australia are not far behind, unless of course they are in front!
I'm assume you'd write all the same today?
VInny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
- vnatale
- Executive Member
- Posts: 9483
- Joined: Fri Apr 12, 2019 8:56 pm
- Location: Massachusetts
- Contact:
Re: Perth Mint depository online data breach
sophie wrote: ↑Sat Jul 27, 2019 11:13 am pmward - I did say I thought it reasonable for them to consult with an outside firm to build a secure system. Handing out customer information to a 3rd party is what I objected to.
Here's an example for you: my dept outsourced a specialized EMR development to a software development shop in India. I know first hand that the associated hospital's entire list of patients (names, DOB, SSN etc), going back decades, was exposed to that India group. In other words, they've got sensitive info for thousands of people. What do you think they might be doing with that info, not being duty bound by anything in particular to safeguard it? I complained at the time that they had no need to get that kind of info, but was overruled by the two-bit high school graduate idiot bureaucrat who I was supposed to suck up to, because that person was in administration and I was just a lowly professor with a degree in electrical engineering in addition to my MD.
Xan - correct, if you are in the Depository Program you have to conduct business by phone. There's no website. The data on your account is stored on a computer at Perth Mint with no external Internet connection. There's a password that you use to identify yourself when you call. Money transfers otherwise work the same as Depository Online: it goes to/from your linked bank account via wire.
Just finished reading all the posts in the Topic.
What is your personal update regarding Perth? You still using them? Was this resolved to your satisfaction? Or, has this left some form of lingering dissatisfaction with them?
Vinny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
Re: Perth Mint depository online data breach
Nothing new to report. They stated there would be an investigation at some point but there's been no further public statements.
These days, I just assume that my personal information might as well be published in the New York Times, and that it's been breached far more often than is indicated by notices I've received. In fact, I'd go so far as to assume that EVERY entity that owns my data has exposed it at some point. If I went with, say, the Texas depository or Hard Assets Alliance instead of the Perth Mint, I'd still be dealing with that particular vulnerability.
This is different from someone actually getting into your account and stealing money from it. That would be quite difficult at Perth Mint because the thief would have to somehow change the associated bank account and the email address (for notification) at the same time. Perth Mint only permits one linked bank account, and you have to contact them directly to change it - can't do it online. I think you'd have to resubmit a copy of your passport, so the thief would need that as well. This would be especially difficult if the one I used to open the account had expired & been renewed in the meantime.
Treasury Direct used to have that failsafe, but no longer. Now you can add or change linked bank accounts online, at will. I'm far more concerned about them.
These days, I just assume that my personal information might as well be published in the New York Times, and that it's been breached far more often than is indicated by notices I've received. In fact, I'd go so far as to assume that EVERY entity that owns my data has exposed it at some point. If I went with, say, the Texas depository or Hard Assets Alliance instead of the Perth Mint, I'd still be dealing with that particular vulnerability.
This is different from someone actually getting into your account and stealing money from it. That would be quite difficult at Perth Mint because the thief would have to somehow change the associated bank account and the email address (for notification) at the same time. Perth Mint only permits one linked bank account, and you have to contact them directly to change it - can't do it online. I think you'd have to resubmit a copy of your passport, so the thief would need that as well. This would be especially difficult if the one I used to open the account had expired & been renewed in the meantime.
Treasury Direct used to have that failsafe, but no longer. Now you can add or change linked bank accounts online, at will. I'm far more concerned about them.
- dualstow
- Executive Member
- Posts: 14298
- Joined: Wed Oct 27, 2010 10:18 am
- Location: synagogue of Satan
- Contact:
Re: Perth Mint depository online data breach
Don't worry, Sophie. That paper seems to be kryptonite to most members here.
{ While not a huge fan, I actually just picked up a digital subscription. $1/week was too good to pass up. }
Re: Perth Mint depository online data breach
I've got an even better deal: $0/week. Their paywall is easy to get past (at least it was last I checked), and if I don't want to deal with it but want to read an article, it'll be available next month.
I've been considering subscribing to WSJ though. Worth reading plus I just like the idea of rewarding good journalism. It's super expensive, but there's a nice introductory offer and one of my credit cards (AmEx) has a cash back deal for WSJ subscriptions going.
I've been considering subscribing to WSJ though. Worth reading plus I just like the idea of rewarding good journalism. It's super expensive, but there's a nice introductory offer and one of my credit cards (AmEx) has a cash back deal for WSJ subscriptions going.
- vnatale
- Executive Member
- Posts: 9483
- Joined: Fri Apr 12, 2019 8:56 pm
- Location: Massachusetts
- Contact:
Re: Perth Mint depository online data breach
The Wall Street Journal used to freely give out a user name / password for those in the media to use. And, it seemed like everyone used to know it.sophie wrote: ↑Wed Jan 29, 2020 9:03 am I've got an even better deal: $0/week. Their paywall is easy to get past (at least it was last I checked), and if I don't want to deal with it but want to read an article, it'll be available next month.
I've been considering subscribing to WSJ though. Worth reading plus I just like the idea of rewarding good journalism. It's super expensive, but there's a nice introductory offer and one of my credit cards (AmEx) has a cash back deal for WSJ subscriptions going.
https://www.inc.com/bill-murphy-jr/free ... media.html
But now it seems like they have locked this down fairly well.
Vinny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
- dualstow
- Executive Member
- Posts: 14298
- Joined: Wed Oct 27, 2010 10:18 am
- Location: synagogue of Satan
- Contact:
Re: Perth Mint depository online data breach
I like the WSJ. I have access through a relative.