Texas Dow Employees Credit Union (TDECU) has disclosed that the personal information of over 500,000 members was exposed due to a security compromise involving a third-party vendor, MOVEit.
The breach, which occurred between May 29 and 31, raised concerns about the safety of sensitive data, prompting TDECU to take immediate action to mitigate potential risks.
Details of the Breach
The breach was part of a broader cyberattack on MOVEit, a data transfer service thousands of organizations use worldwide.
The attack, which affected over 20 million individuals globally, was carried out by a sophisticated bad actor who managed to access specific files containing sensitive personal information of TDECU members.
The compromised data includes full names, dates of birth, Social Security numbers, bank and financial account numbers, credit and debit card numbers, driver’s licenses, government IDs, and taxpayer identification numbers.
Upon learning of the breach on July 30, 2024, TDECU launched an immediate investigation with the assistance of external cybersecurity experts.
The investigation confirmed that while certain data was accessed, TDECU’s broader network security remained uncompromised.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial
Despite the severity of the breach, TDECU has not reported any incidents of identity or financial fraud linked to the exposed data.
TDECU’s Response and Member Support
In response to the breach, TDECU has begun notifying affected individuals as of August 23, 2024.
The credit union offers complimentary credit monitoring services to those whose Social Security numbers were impacted.
Affected members are advised to take precautionary measures, such as placing fraud alerts or security freezes on their credit files, obtaining free credit reports, and vigilantly monitoring their financial accounts for any signs of fraudulent activity.
TDECU has also set up a toll-free response line at 866-573-9704, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time, to assist members with inquiries related to the breach.
The credit union is committed to providing ongoing support and guidance to help members protect themselves from potential identity theft.
Ongoing Efforts to Enhance Security
TDECU’s top priority remains the privacy and security of member information. In light of the breach, the credit union is taking significant measures to strengthen its data protection protocols.
This includes working closely with cybersecurity professionals to enhance security measures and prevent future incidents.
TDECU has emphasized the importance of transparency and accountability in handling the breach.
The credit union is committed to keeping members informed about the situation and any developments related to the investigation.
As the investigation continues, TDECU reassures its members that it is dedicated to safeguarding their personal information and maintaining their trust.
The credit union’s proactive approach to addressing the breach and supporting affected individuals underscores its commitment to member security and privacy.
Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial