LINCOLN, Neb.—The $479-million Liberty First Credit Union recently disclosed it suffered a data breach that compromised the sensitive personal data of thousands of individuals, Levi & Korsinsky, LLP, reported.
According to Levi & Korsinsky, on Sept. 17 LFCU became aware of a security incident on its IT network.
“LFCU launched an investigation with the assistance of third-party cybersecurity experts to determine the nature and scope of the incident. The forensic investigation determined that the unauthorized third party may have accessed and acquired certain files from its systems. It was discovered that unauthorized access was limited to a portion of its internal network and did not involve unauthorized access to its banking, online banking or payment systems,” the law firm said.
On Sept. 24, LFCU learned that the unauthorized third party acquired files that contained some individuals' personal information, Levi & Korsinsky said.
“LFCU then launched a comprehensive review of the incident to confirm the exact type of information breached and identify the individuals impacted. Although the exact type of information involved in the data breach is not confirmed, the information impacted may involve the following types of sensitive personal information: name, date of birth, and Social Security number,” Levi & Korsinsky said.
On Nov. 25, LFCU issued a public disclosure and started sending notice letters to the impacted individuals, Levi & Korsinsky added.
Ransomware Attack?
Separately, security platform Halcyon called the LFCU breach a ransomware attack.
“The attackers claim to have exfiltrated 254 GB of sensitive data, including client databases, passports, and financial records,” Halcyon said, noting RansomHub, a ransomware group, claimed responsibility for the attack. Halycon noted that Ransomhub had set a ransom deadline of Sept. 29, 2024.
CUToday.info reached out to LFCU, but comment was not provided by press time.