SRP Federal Credit Union, a South Carolina-based financial institution, experienced a massive data breach affecting more than 240,000 people.
Credit unions handle hundreds of thousands of Americans' confidential information, which is now in the hands of cybercriminals.
In a notice, SRP revealed that the data breach was part of a two-month attack by hackers, and why it took so long for the company to detect the compromise to its systems. caused concern. Learn more about the data breach, how it affects people, and what you need to do to stay safe.
What you need to know
SRP Federal Credit Union reported a data breach that exposed the personal information of more than 240,000 people, according to documents filed Friday with regulators in Maine and Texas.
The company announced that it had discovered suspicious activity on its network and notified the police. The investigation revealed that hackers may have accessed the credit union's systems and obtained confidential files between September 5th and November 4th. The investigation ended on November 22, the company said.
SRP did not provide the exact details exposed in the notice to Maine regulators, saying only that names and government-issued identification documents were affected by the cyberattack.
However, the company said in a filing with Texas regulators that financial information including names, social security numbers, driver's license numbers, dates of birth, account numbers, and credit and debit card numbers were compromised. . SRP said the breach did not affect online banking or core processing systems.
Who is responsible for the violation?
SRP has not revealed who is behind the attack or the motives of the attackers. However, ransomware group Nitrogen claimed responsibility last week for stealing 650GB of customer data, according to The Record. Ransomware attacks use malicious software to block access to a victim's files, systems, or networks and demand payment to restore access.
Credit unions could face legal challenges following data breaches, as the Oklahoma City-based Murphy Law Firm is investigating claims on behalf of individuals whose personal information was compromised. The company is also encouraging affected individuals to participate in a potential class action lawsuit.
SRP provides identity theft protection services free of charge to affected individuals, so take advantage of it to help protect your information.
SRP did not respond to a request for comment by deadline.
7 ways to protect yourself from SRP data breaches
If you receive a data breach notification from SRP Federal Credit Union, please consider taking the following steps to protect yourself.
1. Monitor your account: Regularly check your bank accounts, credit card statements, and other financial accounts for fraudulent transactions or suspicious activity. Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to place a fraud alert on your credit report. This makes it difficult for identity thieves to open accounts in your name.
2. Freeze your credit: Consider freezing your credit to prevent new accounts from being opened without your consent. You can cancel this service at any time for free.
3. Use identity theft prevention services: Consider signing up for an identity theft protection service that monitors your personal information and alerts you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer identity theft recovery insurance and assistance for added peace of mind. Check out our tips and recommendations on how to protect yourself from identity theft.
4. Change your password: Update your passwords for online accounts, especially those related to banking and email. Use strong, unique passwords, and consider using a password manager to generate and store complex passwords. Also enable two-factor authentication for added security.
5. Be careful of phishing scams: Be wary of emails, text messages, or phone calls claiming to be from SRP or affiliated organizations. Don't click on links or provide personal information unless you verify the sender.
The best way to protect yourself from malicious links is to install antivirus software on all your devices. This protection also warns you about phishing emails and ransomware scams, keeping your personal information and digital assets safe. Check out my picks for the best antivirus protection products of 2024 for your Windows, Mac, Android, and iOS devices.
6. Keep your device operating system up to date: Enables mobile phones and other devices to automatically receive operating system updates in a timely manner. These updates often include critical security patches that protect against new vulnerabilities exploited by hackers. For reference, see our guide on how to keep all your devices up to date.
7. Invest in a personal data deletion service: Consider a service that scrubs personal information from public databases. This makes it less likely that your data will be used for phishing or other cyber-attacks after a breach. Check out the data deletion services I recommend here.
