Perth Mint depository online data breach

Discussion of the Gold portion of the Permanent Portfolio

Moderator: Global Moderator

User avatar
dualstow
Executive Member
Executive Member
Posts: 14228
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Wed Jul 24, 2019 9:19 pm

I think we should pay 0% for gold storage.
Sam Bankman-Fried sentenced to 25 years
User avatar
l82start
Global Moderator
Global Moderator
Posts: 1291
Joined: Sun Apr 25, 2010 9:51 pm

Re: Perth Mint depository online data breach

Post by l82start » Wed Jul 24, 2019 10:09 pm

no monthly fees but...

Air Dive Package: $ 60
2 Alum 80 Air Tanks
BCD
Regulator/ Compass/ Gauge
Weights

at time of withdrawal..
O0
-Government 2020+ - a BANANA REPUBLIC - if you can keep it

-Belief is the death of intelligence. As soon as one believes a doctrine of any sort, or assumes certitude, one stops thinking about that aspect of existence
User avatar
dualstow
Executive Member
Executive Member
Posts: 14228
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Thu Jul 25, 2019 9:17 am

l82start wrote:
Wed Jul 24, 2019 10:09 pm
no monthly fees but...

Air Dive Package: $ 60
2 Alum 80 Air Tanks
BCD
Regulator/ Compass/ Gauge
Weights

at time of withdrawal..
O0
And a bubble maker to discourage the sharks with frikkin laser beams on their heads.
Sam Bankman-Fried sentenced to 25 years
User avatar
ochotona
Executive Member
Executive Member
Posts: 3353
Joined: Fri Jan 30, 2015 5:54 am

Re: Perth Mint depository online data breach

Post by ochotona » Thu Jul 25, 2019 9:53 am

So the original data breach was 13 people, Sophie? What did you do to be in that auspicious group? Surely they have 1000s of clients.
User avatar
Xan
Administrator
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Perth Mint depository online data breach

Post by Xan » Thu Jul 25, 2019 10:44 am

Also, why are they using this 3rd party to manage things if they already have the capability to manage things themselves?
User avatar
sophie
Executive Member
Executive Member
Posts: 1959
Joined: Mon Apr 23, 2012 7:15 pm

Re: Perth Mint depository online data breach

Post by sophie » Fri Jul 26, 2019 7:38 am

ochotona wrote:
Thu Jul 25, 2019 9:53 am
So the original data breach was 13 people, Sophie? What did you do to be in that auspicious group? Surely they have 1000s of clients.
That's the first report, but later it turned out that thousands of accounts were compromised. It was anyone who had a Depository Online account open between certain dates. The compromise occurred with the company they outsourced their security to.

Xan I totally agree...if you're a mint you are all about airtight physical and electronic security. Why the heck would you even consider outsourcing it to a company with much less at stake than you have? I can understand hiring consultants to build a system, but no way would I be handing out lists of sensitive information to anyone not fully under the mint's oversight.
pmward
Executive Member
Executive Member
Posts: 1731
Joined: Thu Jan 24, 2019 4:39 pm

Re: Perth Mint depository online data breach

Post by pmward » Fri Jul 26, 2019 11:22 am

sophie wrote:
Fri Jul 26, 2019 7:38 am
ochotona wrote:
Thu Jul 25, 2019 9:53 am
So the original data breach was 13 people, Sophie? What did you do to be in that auspicious group? Surely they have 1000s of clients.
Xan I totally agree...if you're a mint you are all about airtight physical and electronic security. Why the heck would you even consider outsourcing it to a company with much less at stake than you have? I can understand hiring consultants to build a system, but no way would I be handing out lists of sensitive information to anyone not fully under the mint's oversight.
Being someone who works in the tech industry I can attest that this is easier said than done. The Perth Mint's expertise is... well... being a mint. They are not experts in web security. They would be more likely to screw it up than a third party company that specializes in this would. Moreover, it would also cost way more money, which means you would be paying more for a likely less secure platform. It sucks that their third party was compromised, but look how common that is these days? Even large companies and governments that have seemingly endless cash flows have fallen victim. It's a very tough problem to solve, because it is simply impossible to create an impenetrable system. This utopia does not exist, any time there are communications available there is room for exploitation. All "security" really does is just make it as much of a hassle as possible to crack the system. There's no crack proof system. It simply does not, nor will it ever, exist.
User avatar
Xan
Administrator
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Perth Mint depository online data breach

Post by Xan » Fri Jul 26, 2019 11:38 am

sophie wrote:
Wed Jul 24, 2019 6:04 pm
The data for the Depository Program is held “in house” and is not held with a third party.
pmward, in general I agree with what you're saying. My question had more to do with the above. The data for their higher-priced offering is stored in house, and they outsource the data for "Depository Online". If they can run "Depository Program" in house, why not "Depository Online"? Or is "Depository Program" only available via phone or some such?
User avatar
sophie
Executive Member
Executive Member
Posts: 1959
Joined: Mon Apr 23, 2012 7:15 pm

Re: Perth Mint depository online data breach

Post by sophie » Sat Jul 27, 2019 11:13 am

pmward - I did say I thought it reasonable for them to consult with an outside firm to build a secure system. Handing out customer information to a 3rd party is what I objected to.

Here's an example for you: my dept outsourced a specialized EMR development to a software development shop in India. I know first hand that the associated hospital's entire list of patients (names, DOB, SSN etc), going back decades, was exposed to that India group. In other words, they've got sensitive info for thousands of people. What do you think they might be doing with that info, not being duty bound by anything in particular to safeguard it? I complained at the time that they had no need to get that kind of info, but was overruled by the two-bit high school graduate idiot bureaucrat who I was supposed to suck up to, because that person was in administration and I was just a lowly professor with a degree in electrical engineering in addition to my MD.

Xan - correct, if you are in the Depository Program you have to conduct business by phone. There's no website. The data on your account is stored on a computer at Perth Mint with no external Internet connection. There's a password that you use to identify yourself when you call. Money transfers otherwise work the same as Depository Online: it goes to/from your linked bank account via wire.
User avatar
Xan
Administrator
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Perth Mint depository online data breach

Post by Xan » Sat Jul 27, 2019 2:37 pm

sophie wrote:
Sat Jul 27, 2019 11:13 am
Xan - correct, if you are in the Depository Program you have to conduct business by phone. There's no website. The data on your account is stored on a computer at Perth Mint with no external Internet connection. There's a password that you use to identify yourself when you call. Money transfers otherwise work the same as Depository Online: it goes to/from your linked bank account via wire.
Well, that makes some sense then.

Sophie, you're a EE also? EEs are big in my family. I majored in computer engineering, which is just different enough for them all to make fun of me as a "5 volt engineer". Once we were all at a park in Memphis where there was a big gondola cable car station, and a sign that said "Danger: 1,000,000 volts". I contemplated it for a moment and said, "well, it's gotta be a one!"
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Perth Mint depository online data breach

Post by vnatale » Mon Jan 27, 2020 11:05 am

MangoMan wrote:
Wed Sep 19, 2018 12:51 pm
jhogue wrote:
Wed Sep 19, 2018 11:06 am
Pugchief,

Did you consciously decide at some point not to hold physical gold? Or, is it perhaps the consequence of the tax structure of your investment portfolio?
Yes, I consciously chose not to hold any physical. The transaction fees, premiums, and ridiculous hassle of storage are more of a headache than the (in my opinion) infinitesimal risk of Gold ETFs. And what makes anyone think the Perth Mint is somehow safer than an ETF? Globally diversified, yes, but if the US goes down the rabbit hole, Europe and Australia are not far behind, unless of course they are in front!



I'm assume you'd write all the same today?

VInny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Perth Mint depository online data breach

Post by vnatale » Mon Jan 27, 2020 11:10 am

sophie wrote:
Sat Jul 27, 2019 11:13 am
pmward - I did say I thought it reasonable for them to consult with an outside firm to build a secure system. Handing out customer information to a 3rd party is what I objected to.

Here's an example for you: my dept outsourced a specialized EMR development to a software development shop in India. I know first hand that the associated hospital's entire list of patients (names, DOB, SSN etc), going back decades, was exposed to that India group. In other words, they've got sensitive info for thousands of people. What do you think they might be doing with that info, not being duty bound by anything in particular to safeguard it? I complained at the time that they had no need to get that kind of info, but was overruled by the two-bit high school graduate idiot bureaucrat who I was supposed to suck up to, because that person was in administration and I was just a lowly professor with a degree in electrical engineering in addition to my MD.

Xan - correct, if you are in the Depository Program you have to conduct business by phone. There's no website. The data on your account is stored on a computer at Perth Mint with no external Internet connection. There's a password that you use to identify yourself when you call. Money transfers otherwise work the same as Depository Online: it goes to/from your linked bank account via wire.


Just finished reading all the posts in the Topic.

What is your personal update regarding Perth? You still using them? Was this resolved to your satisfaction? Or, has this left some form of lingering dissatisfaction with them?

Vinny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
sophie
Executive Member
Executive Member
Posts: 1959
Joined: Mon Apr 23, 2012 7:15 pm

Re: Perth Mint depository online data breach

Post by sophie » Tue Jan 28, 2020 9:23 am

Nothing new to report. They stated there would be an investigation at some point but there's been no further public statements.

These days, I just assume that my personal information might as well be published in the New York Times, and that it's been breached far more often than is indicated by notices I've received. In fact, I'd go so far as to assume that EVERY entity that owns my data has exposed it at some point. If I went with, say, the Texas depository or Hard Assets Alliance instead of the Perth Mint, I'd still be dealing with that particular vulnerability.

This is different from someone actually getting into your account and stealing money from it. That would be quite difficult at Perth Mint because the thief would have to somehow change the associated bank account and the email address (for notification) at the same time. Perth Mint only permits one linked bank account, and you have to contact them directly to change it - can't do it online. I think you'd have to resubmit a copy of your passport, so the thief would need that as well. This would be especially difficult if the one I used to open the account had expired & been renewed in the meantime.

Treasury Direct used to have that failsafe, but no longer. Now you can add or change linked bank accounts online, at will. I'm far more concerned about them.
User avatar
dualstow
Executive Member
Executive Member
Posts: 14228
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Tue Jan 28, 2020 10:01 am

sophie wrote:
Tue Jan 28, 2020 9:23 am
Nothing new to report. They stated there would be an investigation at some point but there's been no further public statements.

These days, I just assume that my personal information might as well be published in the New York Times,
...
Don't worry, Sophie. That paper seems to be kryptonite to most members here. O0
{ While not a huge fan, I actually just picked up a digital subscription. $1/week was too good to pass up. }
Sam Bankman-Fried sentenced to 25 years
User avatar
sophie
Executive Member
Executive Member
Posts: 1959
Joined: Mon Apr 23, 2012 7:15 pm

Re: Perth Mint depository online data breach

Post by sophie » Wed Jan 29, 2020 9:03 am

I've got an even better deal: $0/week. Their paywall is easy to get past (at least it was last I checked), and if I don't want to deal with it but want to read an article, it'll be available next month.

I've been considering subscribing to WSJ though. Worth reading plus I just like the idea of rewarding good journalism. It's super expensive, but there's a nice introductory offer and one of my credit cards (AmEx) has a cash back deal for WSJ subscriptions going.
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Perth Mint depository online data breach

Post by vnatale » Wed Jan 29, 2020 9:34 am

sophie wrote:
Wed Jan 29, 2020 9:03 am
I've got an even better deal: $0/week. Their paywall is easy to get past (at least it was last I checked), and if I don't want to deal with it but want to read an article, it'll be available next month.

I've been considering subscribing to WSJ though. Worth reading plus I just like the idea of rewarding good journalism. It's super expensive, but there's a nice introductory offer and one of my credit cards (AmEx) has a cash back deal for WSJ subscriptions going.
The Wall Street Journal used to freely give out a user name / password for those in the media to use. And, it seemed like everyone used to know it.

https://www.inc.com/bill-murphy-jr/free ... media.html

But now it seems like they have locked this down fairly well.

Vinny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
dualstow
Executive Member
Executive Member
Posts: 14228
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Wed Jan 29, 2020 10:06 am

I like the WSJ. I have access through a relative.
Sam Bankman-Fried sentenced to 25 years
User avatar
dualstow
Executive Member
Executive Member
Posts: 14228
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Perth Mint depository online data breach

Post by dualstow » Wed Jan 29, 2020 3:40 pm

MangoMan wrote:
Wed Jan 29, 2020 3:18 pm
dualstow wrote:
Wed Jan 29, 2020 10:06 am
I like the WSJ. I have access through a relative.
LOL. Last I checked, they don't have multi-user or family plans.
But we do. He pays the bill and I share the login credentials.
Sam Bankman-Fried sentenced to 25 years
Don
Executive Member
Executive Member
Posts: 286
Joined: Fri Apr 21, 2017 6:21 pm

Re: Perth Mint depository online data breach

Post by Don » Fri Feb 14, 2020 5:37 pm

dualstow wrote:
Wed Jan 29, 2020 3:40 pm
MangoMan wrote:
Wed Jan 29, 2020 3:18 pm
dualstow wrote:
Wed Jan 29, 2020 10:06 am
I like the WSJ. I have access through a relative.
LOL. Last I checked, they don't have multi-user or family plans.
But we do. He pays the bill and I share the login credentials.
Felon!
Post Reply