A whistleblower who shared information about problems with customer account security at the Vanguard Group, the largest mutual fund company in the world, has been fired, TheStreet reports.
Karen Brock, a former client relationship administrator at the Vanguard Group’s Scottsdale, Ariz., office, told TheStreet in a recent interview about her ongoing concerns over the company’s security practices, which she claimed jeopardized clients’ investments and assets.
TheStreet published an investigative report August 10 detailing Ms. Brock’s concerns, which she repeatedly expressed to her superiors at Vanguard since 2013, but without consequence. Ms. Brock told TheStreet that customers could log into their online accounts even if the personal security information they used to log in contained typographical errors, among other problems.
Ms. Brock said the security flaw potentially exposed Vanguard’s 20 million customers to fraud and theft. TheStreet tested those claims by entering typos into the security answers of a personal account and found Ms. Brock’s allegations to be valid. Security experts contacted by TheStreet verified the alleged problems posed a serious risk.
“On some occasions, I have been able to get Vanguard to generate a link to a new password even after deliberately inserting typos into three security answers,” TheStreet’s Susan Antilla reported.
Although Vanguard’s networks haven’t been breached, security data shows it was subject to an extraordinarily high number of phishing attacks, requiring the company’s fraud department to notify customers of possible malicious attacks.
On Sept. 18, TheStreet reported that stockbroker records kept by the Financial Industry Regulatory Authority indicate that Ms. Brock was no longer employed with Vanguard or registered as a broker. Records show Aug. 27 was her last day at Vanguard.
TheStreet contacted Vanguard, but a spokeswoman declined to discuss Ms. Brock’s case, saying only that the company was confident in its security practices and that its customers’ accounts are safe.
Ms. Brock, however, was very clear about her termination when she spoke to TheStreet again recently.
“This is the way companies silence people and scare them from coming forward when things are going wrong” internally, Ms. Brock said. “This is in clear retaliation for the story coming out.”