SSN, Banking Details at Risk in Major Texas Credit Union Breach
The largest credit union in Texas, Texas Dow Employees Credit Union (TDECU), has reported a significant data breach affecting more than 500,000 individuals. The incident may have compromised Social Security numbers, banking details, and driver’s license information.
The breach reportedly stemmed from a vulnerability discovered last year in the MOVEit Transfer software (CVE-2023-34362), which allowed the Clop group to steal data from over a hundred companies.
According to TDECU’s statement, unauthorized access to sensitive data occurred between May 29 and May 31, 2023. While the credit union’s main security network remained intact, the breach happened through a third-party vendor responsible for data transmission.
A filing with the Maine Attorney General’s Office revealed that the incident affected 500,474 individuals. TDECU has begun notifying all those impacted and is offering complimentary credit monitoring services to those whose Social Security numbers may have been compromised.
Although more than a year has passed since the breach, no cases of fraud using the stolen data have been reported; however, TDECU strongly advises its members to remain vigilant.
Cybersecurity expert Ken Dunham of Qualys Threat Research Unit noted that vulnerabilities like the one exploited in MOVEit continue to pose a serious threat. He explained that groups such as Cl0p leverage these weaknesses for substantial financial gain. Dunham emphasized the importance of proactive measures, such as regular testing and drills, to defend against cyber threats effectively.
This incident serves as a stark reminder of the necessity to prioritize cybersecurity, particularly protecting data transmitted through third parties. Organizations must conduct regular security audits, assess vulnerabilities, and train employees to minimize the risk of data breaches and safeguard their clients’ sensitive information.