Saturday, January 18, 2025
Homecyber securityTDECU MOVEit Data Breach, 500,000+ members' Personal Data Exposed

TDECU MOVEit Data Breach, 500,000+ members’ Personal Data Exposed

Published on

SIEM as a Service

Follow Us on Google News

Texas Dow Employees Credit Union (TDECU) has disclosed that the personal information of over 500,000 members was exposed due to a security compromise involving a third-party vendor, MOVEit.

The breach, which occurred between May 29 and 31, raised concerns about the safety of sensitive data, prompting TDECU to take immediate action to mitigate potential risks.

Details of the Breach

The breach was part of a broader cyberattack on MOVEit, a data transfer service thousands of organizations use worldwide.

The attack, which affected over 20 million individuals globally, was carried out by a sophisticated bad actor who managed to access specific files containing sensitive personal information of TDECU members.

The compromised data includes full names, dates of birth, Social Security numbers, bank and financial account numbers, credit and debit card numbers, driver’s licenses, government IDs, and taxpayer identification numbers.

Upon learning of the breach on July 30, 2024, TDECU launched an immediate investigation with the assistance of external cybersecurity experts.

The investigation confirmed that while certain data was accessed, TDECU’s broader network security remained uncompromised.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial

Despite the severity of the breach, TDECU has not reported any incidents of identity or financial fraud linked to the exposed data.

TDECU’s Response and Member Support

In response to the breach, TDECU has begun notifying affected individuals as of August 23, 2024.

The credit union offers complimentary credit monitoring services to those whose Social Security numbers were impacted.

Affected members are advised to take precautionary measures, such as placing fraud alerts or security freezes on their credit files, obtaining free credit reports, and vigilantly monitoring their financial accounts for any signs of fraudulent activity.

TDECU has also set up a toll-free response line at 866-573-9704, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time, to assist members with inquiries related to the breach.

The credit union is committed to providing ongoing support and guidance to help members protect themselves from potential identity theft.

Ongoing Efforts to Enhance Security

TDECU’s top priority remains the privacy and security of member information. In light of the breach, the credit union is taking significant measures to strengthen its data protection protocols.

This includes working closely with cybersecurity professionals to enhance security measures and prevent future incidents.

TDECU has emphasized the importance of transparency and accountability in handling the breach.

The credit union is committed to keeping members informed about the situation and any developments related to the investigation.

As the investigation continues, TDECU reassures its members that it is dedicated to safeguarding their personal information and maintaining their trust.

The credit union’s proactive approach to addressing the breach and supporting affected individuals underscores its commitment to member security and privacy.

Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....

New Tool Unveiled to Scan Hacking Content on Telegram

A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....