Extra cause for concern?

In mid-March the new Secretary prepared the Draft Minutes of the February board meeting to distribute to the homeowners. There are 65 homeowners who have elected to receive copies of the draft monthly board meeting minutes via email. Additionally, the Secretary prints a few copies which are left in a box in the clubhouse for owners without email.

Along with the draft minutes from February, the board also wanted the secretary to distribute an information sheet regarding our new insurance policies slated to go into effect in May. When sending the emails, the Secretary attached the full Financial Statements from March instead of the insurance info.

Normally the automatic distribution for the full Financials is limited to the board and the members of the Finance Committee, which is about 8 people altogether. It's not really a problem that these went out to everyone since every howmeowner has a right to see it, if they ask (almost no one ever asks).

The potential problem some are squawking about is that detailed bank statements are included with the Financial. Every bank, every account number, every balance. This totals 6 banks, the operating account, and 5 reserve accounts that have about a million dollars between them.

Is this anything that should unduly worry anyone? It seems absurd that people who have no inkling of information security are all of a sudden "experts" when it comes to 75 copies of bank account information floating around in the wild. On the other hand, I see their point. I see this stuff every month when I review the financial reports and don't give it a second thought. But in "the wrong hands" this information might pose some risk. Has a widespread release raised the amount of risk to an unacceptable level?

I don't think so, but some homeowners are agitating for the board to get the account numbers changed. This seemingly simple change could entail a lot of work, or at least a lot of time. The board is not inclined to do that. The authorized signers on the accounts haven't changed and no online passwords have been revealed.

What do others think? I'm 50-50 on whether or not the bank account numbers should be changed. On the one hand I'd rather be safe than sorry, but on the other it might be a time-consuming effort for very little reduction in risk.

As for the board and the Secretary, the response has been, "Oops! Sorry! Won't happen again!"

Oh boy, thanks George. Exactly what I didn't want to hear I remain very interested in what others have to say.

I do like George's Law of Large Numbers though

I agree with what Sheila said. It's very difficult to get access to business accounts even if you're an official signer or whatnot. But it's a good idea to talk to your bank and see what they say - they'd likely have a better sense of how much risk you're at.

And offhand, what sort of insurance do you carry? We're required to carry enough to cover, at minimum, the amount we have in the bank plus the annual budget.

That said, if your HOA were my personal business, I'd change the account numbers out of an abundance of caution.

Geno

Do chat with the bank's rep. They might be able to "freeze" withdrawals from the account or at least set up a more secure method for withdrawals. I assume the accounts have "signers" that can make withdrawals thus this offers some protection.

Geno

You're worried that someone might drain the association's account because they were sent bank statements. If you look at the topic for 1st dregree misdemeanor, the association there is requesting SS#'s and actual bank statement, so I guess each for themselves.

The treasurer should get into online banking and set up alerts to be text messaged to a cell phone, so the accounts can be monitored in real time (or via email whenever email gets checked). For example, an alert sent for any transaction over $1 on the reserve account will alert you activity on that account. Also a low balance alert. You have a lot of control over what alert, when.

Actually, all treasurers should set up alerts.