LAKE JACKSON, Texas–Texas Dow Employees Credit Union (TDECU) has sent letters to more than 500,000 people to alert them their personal data was compromised during the 2023 MOVEit attacks carried out by the Clop ransomware gang.
The announcement is the second in a week by a credit union alerting members their information is at risk, bringing to more than 1.2 million people the number who have been cautioned that they are at risk.
The MOVEit attacks were first discovered and reported in late May 2023, and have affected more than 2,700 organizations and 95 million people, according to SC Media.
In a notice on its website, the $4.8-billion TDECU said it first discovered on July 30 that the personal information of TDECU members was potentially removed from MOVEit by the threat actor.
‘Immediate Investigation’
“Upon learning of this issue, TDECU immediately commenced a prompt and thorough investigation. As part of the investigation, TDECU engaged external cybersecurity professionals who regularly investigate and analyze these types of situations to help determine the extent of any compromise of the information on the TDECU network. It was determined that there was no compromise of TDECU’s broader network security. Following our investigation, we discovered on July 30, 2024, that certain files containing personal information of TDECU members were potentially removed from MOVEit by the bad actor between May 29-31, 2023.
The impacted data includes full names in combination with date of birth, Social Security Number, account numbers, credit/debit card numbers, driver’s license data, government IDs and taxpayer information numbers.”
Statement to Members
“To date, TDECU is not aware of any incidents of identity fraud or financial fraud as a result of the incident,” the credit union said on its website. “Nevertheless, out of an abundance of caution, TDECU is providing notice to the affected individuals commencing on August 23, 2024. The notified individuals who have had their Social Security number impacted will receive complimentary credit monitoring services. Furthermore, notified individuals may take steps to protect themselves including placing a fraud alert/security freeze on their credit files, obtaining free credit reports, and remaining vigilant in reviewing financial account statements, explanation of benefits statements, and credit reports for fraudulent or irregular activity on a regular basis.
“In addition, individuals who may have had their Social Security number involved are encouraged to enroll in complimentary credit monitoring services provided in the notification letter,” TDECU added.
TDECU said in its statement there was no compromise of the credit union’s broader network security.
Second Announcement in Same Week
The TDECU announcement comes during the same week Patelco Credit Union in Dublin, Calif., has confirmed a ransomware attack that breached its systems has led to the exposure of personally identifiable data on more than 700,000 people, with much of that data now available for sale on the dark web on the RansomHub ransomware group’s website.
“The cybercriminals claimed to have conducted negotiations for two weeks, but could not reach an agreement with the financial organization so they are now auctioning the sensitive data they have stolen,” Security Week reported. “A sample made public by the hackers shows that the databases contained information such as name, postal address, phone number, email address, date of birth, gender, Social Security number, driver’s license number, password, and credit rating.”