Page 1 of 2

Perth Mint depository online data breach

Posted: Sat Sep 08, 2018 7:23 am
by sophie
Email notice this AM:
Dear Customer,



We are writing to let you know that The Perth Mint has experienced a data breach involving the personal information of 13 Depository Online customers.

At the outset we want to assure you that your Depository Online investment account at The Perth Mint remains secure and has not been affected in any way.

Our forensic investigation to date indicates that the breach occurred as a result of data being taken from information held by a third-party provider.

We are in the process of contacting the 13 clients whose data has been breached and offering them assistance to help prevent their personal information from being misused.

Our investigation is ongoing, and we are working with the external third-party provider to understand how this breach occurred.

We have taken immediate steps to nullify the identified threat and can assure your account and our systems remain secure.

Further information in relation to our response to the data breach is available on our website www.perthmint.com/data

If you would like to contact us in relation to this matter please email our depository team at depository@perthmint.com or call on +61 8 9421 7250.
I'm glad they're taking it seriously, but would be nice to know what they mean by "nullifying" a data breach. And of course, this is a reminder of the risks of third party holdings (to be set against risks of holding physical gold).

Re: Perth Mint depository online data breach

Posted: Sat Sep 08, 2018 11:06 am
by dualstow
Thank you for sharing, Sophie.
That is unnerving news!
I commend them for being forthright, not like Yahoo. Still, Are you going to stick with them?

Re: Perth Mint depository online data breach

Posted: Sat Sep 08, 2018 11:40 pm
by sophie
Yes, I'm sticking with my holdings. I did change my password and will keep an eye on news from the Mint.

Even with this, I think it's still safer than an ETF.

Re: Perth Mint depository online data breach

Posted: Sun Sep 09, 2018 10:52 am
by eufo
sophie wrote:
Sat Sep 08, 2018 11:40 pm
I think it's still safer than an ETF.
+1

I still hold some in GLDM, but I'm prepared for it to be forfeit.

Re: Perth Mint depository online data breach

Posted: Sun Sep 09, 2018 11:45 am
by Kriegsspiel
I like to hold my gold in my hand and between my teeth, and maybe see how tall of a tower I can stack on my forehead when I'm laying down; not entrust it to some bullshit encyption.

Re: Perth Mint depository online data breach

Posted: Sun Sep 09, 2018 1:45 pm
by dualstow
Kriegsspiel wrote:
Sun Sep 09, 2018 11:45 am
I like to hold my gold in my hand and between my teeth, and maybe see how tall of a tower I can stack on my forehead when I'm laying down; not entrust it to some bullshit encyption.
The space between my teeth isn’t big enough, but I like getting the “expense ratio”, if we can call it that— well, the fee to hold it —over with at the beginning. All my non-gold funds pay a dividend that makes an ongoing fee of, say, 0.25%, more than tolerable.

There are a lot of posts, including from me, about the angst of holding and transporting physical gold. It can indeed be nerve wracking, and that’s why the Perth Mint depository could be a great alternative. I think if I had pounds and pounds of the stuff, I might still go for it.

Re: Perth Mint depository online data breach

Posted: Mon Sep 17, 2018 6:13 pm
by Mr Vacuum
The breach grows: Perth Mint Confirms More Customers Involved In Data Breach

I received notice this morning my account information was among those compromised, including "the numbers of your bank account, your passport and/or driver’s license." Further, "The information illegally accessed was taken from an old 2016 database." So sloppy. I went through the hassle of account setup around then and never even funded it.

I contacted my bank and they recommending closing my account. I've had many credit card numbers compromised, but this is the first bank account number.

Credit is already frozen after the Equifax mess.

Now to switch over all the direct deposit and bill pay EFTs, and find out if anything needs to be done about the passport and/or driver's license numbers.

Re: Perth Mint depository online data breach

Posted: Mon Sep 17, 2018 10:25 pm
by sophie
Well, that's not pleasant....so they make all this fuss about requiring passports and not allowing you to change attached bank accounts, and then they hand all this data to a "third party" with sloppy system security?

I think they know that security is what their brand is made of. Hopefully this is a wakeup call.

Re: Perth Mint depository online data breach

Posted: Tue Sep 18, 2018 11:14 am
by dualstow
Mr Vacuum wrote:
Mon Sep 17, 2018 6:13 pm
The breach grows: Perth Mint Confirms More Customers Involved In Data Breach

I received notice this morning my account information was among those compromised, including "the numbers of your bank account, your passport and/or driver’s license." Further, "The information illegally accessed was taken from an old 2016 database."
...
Wow. Ok, I think I'm better off just continuing to buy physical. That's not to say that there won't be a breach at my vendor, and routing numbers and account numbers can be gleaned from check images. I'll take my chances.
Thank you for posting this.

Re: Perth Mint depository online data breach

Posted: Tue Sep 18, 2018 11:35 am
by Kriegsspiel
Mr Vacuum wrote:
Mon Sep 17, 2018 6:13 pm


Credit is already frozen after the Equifax mess.

Just wait until you need to unfreeze it, they're hilariously incompetent. After failing to unfreeze mine through the website for days on end so that I could get utilities set up at my new place, I followed their instructions for mailing in a paper request. Weeks later, I got a letter back: "Sorry, we were unable to process your request to freeze your minor child's credit, etc etc we are dumb as fuck."

Re: Perth Mint depository online data breach

Posted: Tue Sep 18, 2018 11:54 am
by dualstow
They had one job. O0

Re: Perth Mint depository online data breach

Posted: Tue Sep 18, 2018 12:14 pm
by Xan
dualstow wrote:
Tue Sep 18, 2018 11:14 am
Mr Vacuum wrote:
Mon Sep 17, 2018 6:13 pm
The breach grows: Perth Mint Confirms More Customers Involved In Data Breach

I received notice this morning my account information was among those compromised, including "the numbers of your bank account, your passport and/or driver’s license." Further, "The information illegally accessed was taken from an old 2016 database."
...
Wow. Ok, I think I'm better off just continuing to buy physical. That's not to say that there won't be a breach at my vendor, and routing numbers and account numbers can be gleaned from check images. I'll take my chances.
Thank you for posting this.
Pay cash at a local coin shop.

Re: Perth Mint depository online data breach

Posted: Tue Sep 18, 2018 1:48 pm
by dualstow
Xan wrote:
Tue Sep 18, 2018 12:14 pm
Pay cash at a local coin shop.
I think I might sell a coin at a time for cash one day*, but carrying cash in the city brings its own risks. I never carry more than $100, let alone the $1200 I'd need today for an ounce of gold bullion.

*In the future, if I'm lucky enough to sell a coin for, say, $2000..Hmm, I'd probably accept a check.

Re: Perth Mint depository online data breach

Posted: Wed Sep 19, 2018 11:06 am
by jhogue
Pugchief,

Did you consciously decide at some point not to hold physical gold? Or, is it perhaps the consequence of the tax structure of your investment portfolio?

Re: Perth Mint depository online data breach

Posted: Wed Sep 19, 2018 1:36 pm
by dualstow
MangoMan wrote:
Wed Sep 19, 2018 12:51 pm
...
And what makes anyone think the Perth Mint is somehow safer than an ETF?
I don't think it's safer, but I like it better. Or, I did, rather. While I applaud them for being up front about the breach -- I'm looking at you, Marissa Mayer -- they are no longer on my list of possible storage solutions. I *would* buy coins from them, though.

Re: Perth Mint depository online data breach

Posted: Sat Jul 20, 2019 1:31 pm
by dualstow
Any update on this, Sophie? Have things gotten better or worse? The same?

Re: Perth Mint depository online data breach

Posted: Sun Jul 21, 2019 7:45 am
by sophie
No info has been forthcoming and I doubt there will be anything. I wrote to them and got a snippy letter back that said I was welcome to take my business elsewhere if I wasn't happy with their security practices. I guess that means they will continue to outsource their Depository Online website & security.

I'm still not sure what to do, but I suspect that compared to private bullion services like Goldmoney or Texas Depository, they're neither more nor less safe. Their depository program is much safer than Depository Online, because it's managed on a computer with no internet access and you have to place a phone call to make purchases or withdrawals. They used to specify a minimum opening balance for the depository program, but I can't find it on the website? Wonder if that means they no longer hold you to a minimum?? Guess I'll have to ask them.

Re: Perth Mint depository online data breach

Posted: Sun Jul 21, 2019 10:20 am
by dualstow
A snippy letter back, eh? (sigh) I guess there is no perfect solution for physical.
And I don’t want etf’s. I’d rather not own gold at all than have just etf’s.
Thanks just the same for the follow-up.

Re: Perth Mint depository online data breach

Posted: Sun Jul 21, 2019 10:39 am
by Kriegsspiel
dualstow wrote:
Sun Jul 21, 2019 10:20 am
A snippy letter back, eh? (sigh) I guess there is no perfect solution for physical.
And I don’t want etf’s. I’d rather not own gold at all than have just etf’s.
Thanks just the same for the follow-up.
Why don't you just buy some coins and keep them in your home?

Re: Perth Mint depository online data breach

Posted: Sun Jul 21, 2019 10:45 am
by dualstow
Kriegsspiel wrote:
Sun Jul 21, 2019 10:39 am
dualstow wrote:
Sun Jul 21, 2019 10:20 am
A snippy letter back, eh? (sigh) I guess there is no perfect solution for physical.
And I don’t want etf’s. I’d rather not own gold at all than have just etf’s.
Thanks just the same for the follow-up.
Why don't you just buy some coins and keep them in your home?
I do. Some there, some at my dad’s — he already has his own numismatics there or I wouldn’t expose him — and some at the bank.

Re: Perth Mint depository online data breach

Posted: Sun Jul 21, 2019 2:24 pm
by Kriegsspiel
Oh ok, the way you said it it...

Re: Perth Mint depository online data breach

Posted: Sun Jul 21, 2019 5:31 pm
by dualstow
Kriegsspiel wrote:
Sun Jul 21, 2019 2:24 pm
Oh ok, the way you said it it...
There is no comfort, no ideal, but I’m making do.
First World Problem, yes. O0

Re: Perth Mint depository online data breach

Posted: Tue Jul 23, 2019 8:34 am
by sophie
I got a response back: Depository Program no longer has minimums, so anyone can now use it. Nice, except that fees to purchase are high compared to Depository Online if your account is under $250K (2% with DP, vs. 0.5% with DO when you buy on a monthly schedule).

Since my login info, passport etc were part of the data breach, I'm wondering how much more secure I'd be in reality. Also, am asking them if they outsource security for DP as well....if so, then I wouldn't go for it. Otherwise, the extra purchase fee might be worth paying in exchange for extra security...what do you all think?

And yes I have some physicial gold, and ETFs in tax-advantaged accounts. I wanted the international diversification.

Re: Perth Mint depository online data breach

Posted: Tue Jul 23, 2019 9:45 am
by dualstow
sophie wrote:
Tue Jul 23, 2019 8:34 am
Since my login info, passport etc were part of the data breach,
I gave my info to Kraken, passport info included, just to access the bitcoin that Marc gave away, and it didn't work. Oops. At least you have your gold.

Re: Perth Mint depository online data breach

Posted: Wed Jul 24, 2019 6:04 pm
by sophie
Possibly helpful response from Perth Mint:
The Depository Online utilises a very current and high security data storage service, unfortunately in this world we are unable to provide guarantee that a breach won’t be attempted in the future, but please be assured that we are actively doing everything we can to prevent this. Please know that all balances on the account are completely guaranteed by the Western Australian Government.

The data for the Depository Program is held “in house” and is not held with a third party.
Well...what do you all think? I'm still on the fence about whether paying the extra 1.5% commission is worth an extra level of safety. Good to know that they'll restore the account if something happens.