NEW YORK (TheStreet) -- The Vanguard Group, the world's largest mutual fund company, has fired a whistleblower who shared information with TheStreet about deficiencies in the company's customer account security.
According to the public database of stockbroker records kept by The Financial Industry Regulatory Authority, or FINRA, Karen Brock, a client relationship administrator in Vanguard's Scottsdale, Ariz., office, is no longer employed by Vanguard or registered as a broker.
FINRA's public records said nothing about the reason for Brock's termination. But an unredacted version of her records supplied by a state securities regulator said that she had been discharged for "violation of Vanguard's Professional Conduct Policy."
The state records said that her last day at Vanguard was Aug. 27, 2015. Brock said in an interview that she was on family medical leave when she was fired.
Asked whether and why the firm had fired Brock, Vanguard spokeswoman Arianna Stefanoni Sherlock said in an email, "I can't discuss a personnel decision." Sherlock had said in an earlier interview that the firm investigated Brock's claims and remained "confident in our security practices and our efforts to keep our clients' information and their assets safe."
"This is the way companies silence people and scare them from coming forward when things are going wrong" internally, said Brock on Friday. "This is in clear retaliation for the story coming out."
On August 10, TheStreet published an article that detailed Brock's efforts since 2013 to get her bosses to address what she considers threats to the security of Vanguard's 20 million customers.
Brock told TheStreet that Vanguard had been aware since 2013 that customers could log in to their accounts even if they entered typographical errors in their personal security answers. In my own account at Vanguard, I have repeatedly tested her assertions and found them to be true. On some occasions, I have been able to get Vanguard to generate a link to a new password even after deliberately inserting typos into three security answers. Customers still can access their accounts despite typos in security answers.