Vanguard Says Sending 71 Account E-Mails to Wrong Investor Was ‘Isolated Matter’

On Feb. 11, a puzzled customer of The Vanguard Group noticed that the firm had sent him 72 emails. But only one of them was meant for him.

Vanguard has a history of problems with online security and security of customer information, which I’ve written about here and here.

For its latest glitch, you can read my column today.

Vanguard Group Fires Whistleblower Who Told TheStreet About Flaws in Customer Security

The Vanguard Group, the world’s largest mutual fund company, has fired a whistleblower who shared information with TheStreet about deficiencies in the company’s customer account security.

Karen Brock, a client relationship administrator in Vanguard’s Scottsdale, Ariz., office, had told me that customers could access their Vanguard accounts even after entering typographical errors in their personal security answers. In my own account at Vanguard, I have repeatedly tested her assertions and found them to be true.

Brock also had detailed the complaints of a customer who said that he had asked his son to mimic his voice to test Vanguard’s “Voice Verification System.” Vanguard’s system allowed the son to gain access to the father’s account, Brock said. She also shared an internal training document where the names, email addresses, phone numbers and account numbers of several current or prospective clients had evaded the redaction process.

You can read my article about Brock’s firing here. You can see the original article that led to the firing here.

Antilla Talks to CNBC Squawk Box
About Security at Vanguard Group

CNBC’s SquawkBox invited me in yesterday to discuss my story about The Vanguard Group’s online security. A whistleblower has been speaking with me on the record about a complaint she filed against Vanguard with the Securities and Exchange Commission. You can read the article here.

And here’s the CNBC video: