Tuesday, November 12, 2024
Homecyber securityTDECU MOVEit Data Breach, 500,000+ members' Personal Data Exposed

TDECU MOVEit Data Breach, 500,000+ members’ Personal Data Exposed

Published on

Malware protection

Texas Dow Employees Credit Union (TDECU) has disclosed that the personal information of over 500,000 members was exposed due to a security compromise involving a third-party vendor, MOVEit.

The breach, which occurred between May 29 and 31, raised concerns about the safety of sensitive data, prompting TDECU to take immediate action to mitigate potential risks.

Details of the Breach

The breach was part of a broader cyberattack on MOVEit, a data transfer service thousands of organizations use worldwide.

- Advertisement - SIEM as a Service

The attack, which affected over 20 million individuals globally, was carried out by a sophisticated bad actor who managed to access specific files containing sensitive personal information of TDECU members.

The compromised data includes full names, dates of birth, Social Security numbers, bank and financial account numbers, credit and debit card numbers, driver’s licenses, government IDs, and taxpayer identification numbers.

Upon learning of the breach on July 30, 2024, TDECU launched an immediate investigation with the assistance of external cybersecurity experts.

The investigation confirmed that while certain data was accessed, TDECU’s broader network security remained uncompromised.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial

Despite the severity of the breach, TDECU has not reported any incidents of identity or financial fraud linked to the exposed data.

TDECU’s Response and Member Support

In response to the breach, TDECU has begun notifying affected individuals as of August 23, 2024.

The credit union offers complimentary credit monitoring services to those whose Social Security numbers were impacted.

Affected members are advised to take precautionary measures, such as placing fraud alerts or security freezes on their credit files, obtaining free credit reports, and vigilantly monitoring their financial accounts for any signs of fraudulent activity.

TDECU has also set up a toll-free response line at 866-573-9704, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time, to assist members with inquiries related to the breach.

The credit union is committed to providing ongoing support and guidance to help members protect themselves from potential identity theft.

Ongoing Efforts to Enhance Security

TDECU’s top priority remains the privacy and security of member information. In light of the breach, the credit union is taking significant measures to strengthen its data protection protocols.

This includes working closely with cybersecurity professionals to enhance security measures and prevent future incidents.

TDECU has emphasized the importance of transparency and accountability in handling the breach.

The credit union is committed to keeping members informed about the situation and any developments related to the investigation.

As the investigation continues, TDECU reassures its members that it is dedicated to safeguarding their personal information and maintaining their trust.

The credit union’s proactive approach to addressing the breach and supporting affected individuals underscores its commitment to member security and privacy.

Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...