[PrettyPastry]

> One of the websites doing this, SunTrust Bank, sent the user name and password we entered to a third party, Jornaya, which says it encrypts and discards the data it collects.

Wow. Deep down the page is a nugget about suntrust just giving away your username and password. Big reminder to use unique passwords of every site.

[rs999gti]

Was there a TOS or service agreement sent to the customer?

Third party marketing data agreements, especially with anything dealing with money, are a usually bulletproof and opt-in.

[GauntletWizard]

Sure. They’re not going to sell your username and password. But they’re a marketing company, and my experience with marketing companies is that they view IT as a cost center (despite marketing companies being mostly IT driven these days), and don’t spend a lot of time, effort, or energy on security. When they have a breach, it’s going to cost you more than just privacy.