The Connecticut Press Club said today that I have won first place in the “Specialty Articles — Business” category in its 2016 Communications Contest for my stories about cybersecurity weaknesses at the mutual fund company The Vanguard Group.
On Feb. 11, a puzzled customer of The Vanguard Group noticed that the firm had sent him 72 emails. But only one of them was meant for him.
For its latest glitch, you can read my column today.
The Vanguard Group, the world’s largest mutual fund company, has fired a whistleblower who shared information with TheStreet about deficiencies in the company’s customer account security.
Karen Brock, a client relationship administrator in Vanguard’s Scottsdale, Ariz., office, had told me that customers could access their Vanguard accounts even after entering typographical errors in their personal security answers. In my own account at Vanguard, I have repeatedly tested her assertions and found them to be true.
Brock also had detailed the complaints of a customer who said that he had asked his son to mimic his voice to test Vanguard’s “Voice Verification System.” Vanguard’s system allowed the son to gain access to the father’s account, Brock said. She also shared an internal training document where the names, email addresses, phone numbers and account numbers of several current or prospective clients had evaded the redaction process.
I spoke with Alison Morris of Fox 5 News in New York about my story on security lapses at the mutual fund giant The Vanguard Group. You can watch the video here.