Saturday, September 7, 2024
Homecyber securityTDECU MOVEit Data Breach, 500,000+ members' Personal Data Exposed

TDECU MOVEit Data Breach, 500,000+ members’ Personal Data Exposed

Published on

Texas Dow Employees Credit Union (TDECU) has disclosed that the personal information of over 500,000 members was exposed due to a security compromise involving a third-party vendor, MOVEit.

The breach, which occurred between May 29 and 31, raised concerns about the safety of sensitive data, prompting TDECU to take immediate action to mitigate potential risks.

Details of the Breach

The breach was part of a broader cyberattack on MOVEit, a data transfer service thousands of organizations use worldwide.

- Advertisement - EHA

The attack, which affected over 20 million individuals globally, was carried out by a sophisticated bad actor who managed to access specific files containing sensitive personal information of TDECU members.

The compromised data includes full names, dates of birth, Social Security numbers, bank and financial account numbers, credit and debit card numbers, driver’s licenses, government IDs, and taxpayer identification numbers.

Upon learning of the breach on July 30, 2024, TDECU launched an immediate investigation with the assistance of external cybersecurity experts.

The investigation confirmed that while certain data was accessed, TDECU’s broader network security remained uncompromised.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial

Despite the severity of the breach, TDECU has not reported any incidents of identity or financial fraud linked to the exposed data.

TDECU’s Response and Member Support

In response to the breach, TDECU has begun notifying affected individuals as of August 23, 2024.

The credit union offers complimentary credit monitoring services to those whose Social Security numbers were impacted.

Affected members are advised to take precautionary measures, such as placing fraud alerts or security freezes on their credit files, obtaining free credit reports, and vigilantly monitoring their financial accounts for any signs of fraudulent activity.

TDECU has also set up a toll-free response line at 866-573-9704, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time, to assist members with inquiries related to the breach.

The credit union is committed to providing ongoing support and guidance to help members protect themselves from potential identity theft.

Ongoing Efforts to Enhance Security

TDECU’s top priority remains the privacy and security of member information. In light of the breach, the credit union is taking significant measures to strengthen its data protection protocols.

This includes working closely with cybersecurity professionals to enhance security measures and prevent future incidents.

TDECU has emphasized the importance of transparency and accountability in handling the breach.

The credit union is committed to keeping members informed about the situation and any developments related to the investigation.

As the investigation continues, TDECU reassures its members that it is dedicated to safeguarding their personal information and maintaining their trust.

The credit union’s proactive approach to addressing the breach and supporting affected individuals underscores its commitment to member security and privacy.

Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...