Facebook Firestorm Creates Social Media Nightmare for Credit Union

An ugly situation with an Alabama credit union illustrates why having a social media policy signed by all employees is absolutely essential.

An employee of MAX Credit Union is accused of publishing Facebook posts that expose private banking dirt about one of the institution’s members.

Around March 12, posts allegedly written by the employee reportedly surfaced on a Facebook group called “Prattville-Millbrook Montgomery Black List” (no record of this group can be verified by The Financial Brand). The posts apparently reveal privileged and private financial information about a MAX Credit Union member, namely that the member had a negative balance and was incurring overdrafts. The posts, which had an air of vindictiveness, were signed with hashtags #perksofmynewjob and #iknoweveryonesdirt.

From media reports covering the story, it does not appear that ultra-sensitive information such as account numbers or social security numbers were divulged.

On Friday, March 13, a post on the MAX Facebook page accused one of the credit union’s employees of the alleged privacy breach, stating she had seen screenshots as evidence. It took a few days for the story to gain steam, but it caught fire with fuel from a local TV station.

max_credit_union_privacy_breach

Comments from the public started pouring in on the credit union’s Facebook page — over 120 comments so far. Some people have argued there was an attempt to cover up the facts, while others have expressed concerns about the safety of their own data. A significant number have threatened to close their accounts. A few have maintained a neutral state of objectivity, while a handful have come to the defense of the MAX employee.

Whether the posts were published directly by the employee remains a big question. It is entirely possible that someone with a grudge against the MAX employee faked the posts (not necessarily the alleged victim/accuser). Apparently no one has publicly corroborated claims that the original posts are authentic — a handful of people have only seen screenshots of them. The Financial Brand has not been able to locate the original posts nor any of the screenshots of the posts that are rumored to be circulating.

Key Questions: Is it clear the MAX employee authored the posts that appear to leak private details? No, at least not at this time. Could someone have used Photoshop to manipulate screenshots to look like damning evidence against the MAX employee? Yes. Could someone have created an account posing as the employee? Quite possibly. With over 1.5 billion users on Facebook, have some been wacky enough to do something dishonest like forging a status update? Definitely, yes.

No matter how this ultimately shakes out, someone did something incredibly dumb. Either the employee had to know they were facing certain termination for a blatant violation of banking’s most basic fiduciary covenant. Or someone framed the credit union employee, in which case they will undoubtedly be caught, likely lose a lawsuit, and possibly face jail time. Either way, human stupidity is at the root.

MAX Credit Union Responds

SVP of Marketing/eCommerce at MAX Credit Union, DG Markwell says MAX first became aware of the situation on March 12 when two people filed a report with employees at one of the credit union’s branches.

In response, the credit union says it launched an investigation led by “legal authorities” and their plan is to let the “investigative process work itself out.” MAX has not specified which law enforcement group(s) might be handling the investigation.

MAX put the accused employee on leave pending the investigation’s outcome, per the credit union’s policy. They did not say whether the employee was on paid- or unpaid leave.

“We have to protect the privacy issues of our customers and the privacy issues of the employee, so we’re just having to let [the investigation] take its natural flow,” Markwell explained. “When that’s finished, we’ll know exactly what’s going on and what’s not going on.”

“When it comes back, we’ll know what direction to go in,” Markwell concluded.

On March 17th, shortly after local new stations broke the story, MAX Credit Union posted the following to its Facebook page:

“MAX is working with local authorities to investigate reports alleging that a MAX employee commented on social media concerning a customer account. A thread of commentary began on the company’s Facebook page on Friday, March 13, and MAX has responded on its page to those concerned that the matter is under investigation.

We are collecting and analyzing all relevant facts and data. In the meantime, we emphasize the seriousness of our commitment to protecting our customers’ personal information. As always, any claims are taken extremely serious and are thoroughly investigated. MAX will continue to work with authorities to find the truth and take all appropriate action.”

Key Insight: Regardless of what was posted and by whom, this situation illustrates the importance of having internal policies covering what any employee posts on social media at any time — not just your institution’s authorized social media managers.

Any employee who works for a financial institution can gain (or has been given) access to sensitive information that must legally remain confidential. In the absence of a policy that specifically covers employees’ use of social media, a financial institution in a similar situation might be left looking foolish and feckless. Whether the MAX employee did wrong or not, the credit union was able to implement a clear series of steps that reduce their legal risk and further damage to the brand. This is why having a clearly defined policy with signed acknowledgements from employees is so important.

The Facebook Drama Deepens, With Accusations of ‘Murder’

No joke… this story involves accusations of “murder.” Based on Facebook comments, it seems the credit union member saying their privacy was violated by a MAX Credit Union employee is a user named Heather Starcher Scoggins. Heather’s husband, Erik Scroggins, was acquitted of murdering Brandon Headley back in May 2011.

According to court reports, Erik told sheriff’s investigators that he went to Headley’s home on March 18, 2011 because he wanted to have a talk with his ex-girlfriend. A disagreement ensued, and Erik apparently ended up killing Brandon with a single gunshot to the chest. A jury subsequently found Erik “not guilty” of murder, acquitting him under the controversial “Stand Your Ground” law his state adopted in 2006. (Remember the Trayvon Martin case?)

Facebook users including one named Hope Headley, who says she is the late Brandon Headley’s sister, have been posting comments on the page maintained by MAX Credit Union calling into question the character of her brother’s killer, Erik Scroggins, and his wife, Heather Starcher Scoggins, the chief complainant in the recent privacy debacle concerning MAX.

It’s an ugly series of comments, with accusations of “murder” and defensive counterclaims littered between posts from other users expressing concern and outrage about both issues — the alleged privacy breach involving Scroggins, and the death of Hoadley. It’s definitely not the kind of thing any financial institution wants to see on its Facebook page.

But MAX officials are in a tough spot. The credit union’s lawyers might be eager to shut the conversation down; it’s not hard to imagine an assortment of lawsuits that could spill out of this narrative. However, Facebook users would almost certainly accuse the credit union of “censorship” and trying to “run from the truth.” The currency and credibility of companies using social networks is directly tied to their level of transparency, and MAX seems willing to keep the conversation open… at least for the time being. Although it wouldn’t be surprising if the comments grew so incendiary that MAX might have to just shut the whole thing down — their entire Facebook page.

The whole sordid affair proves that there are reputational and legal risks whether your financial institution embraces social media or not. This situation could have happened to any bank or credit union, regardless of whether they maintained an official corporate Facebook page or not. A rouge employee or an angry member/customer can create havoc on Facebook for any financial institution given the right circumstances.

MAX Credit Union seems to be trying their best in a no-win situation, but they are walking a fine line. From a branding perspective, they are handling the crisis about as well as could be expected. Lawyers, however, might have a different take.

This article was originally published on . All content © 2019 by The Financial Brand and may not be reproduced by any means without permission.