Credit union in Connecticut experiences data leak
In a series of recent data breaches, several financial institutions, including Connex Credit Union, Western Alliance, TDECU, and Capital One, have been impacted. The incidents highlight common causes such as third-party negligence, cloud misconfigurations, delayed patching of vulnerabilities, phishing attacks, and human errors.
Last year, Connex Credit Union experienced a data breach that affected approximately 172,000 individuals. The breach was discovered on June 3, 2023, after the credit union noticed unusual activity in its cyber environment. An investigation revealed that certain files may have been accessed or downloaded without authorization on June 2 and 3.
Following the breach, Connex Credit Union established a toll-free call center to address customer questions and concerns. The credit union also reported the incident to the Maine attorney general's office on August 7. As a precaution, Connex is offering customers a year of complimentary credit and identity protection services through TransUnion unit CyberScout.
The potentially exposed data elements include names, account numbers, debit card information, Social Security numbers, and government identification used to open accounts. The credit union has identified the affected individuals by July 27.
Connex is not alone in experiencing a data breach. In 2019, Capital One suffered a breach that exposed the personal data of 106 million people, making it one of the most infamous bank hacks in the past decade. The ex-Amazon Web Services employee responsible for the Capital One breach, Paige Thompson, was convicted in 2022.
Capital One paid an $80 million penalty to the Office of the Comptroller of the Currency (OCC) and another $190 million to settle a class-action lawsuit due to the breach. Several big banks temporarily stopped sharing information electronically with the agency due to the incident.
TDECU was also one of several dozen financial institutions affected by a MoveIt cybersecurity incident. The breach did not involve unauthorized access to member accounts or funds, according to the credit union. However, TDECU learned about the incident more than a year after it occurred.
Another institution, Western Alliance, suffered a data breach this year, potentially exposing 22,000 customers' information. The breach went undetected for over three months due to a vulnerability in a third-party vendor's file transfer software.
To prevent such incidents, financial institutions can implement measures such as regular cybersecurity awareness training, multi-factor authentication, robust cybersecurity policies, layered defense technology, incident response planning, monitoring and alerts, and verification and skepticism protocols. By addressing these root causes, credit unions can significantly reduce the likelihood and impact of data breaches.
In response to the breach, Connex Credit Union has published a banner on its website alerting customers to beware of scammers impersonating Connex employees. The credit union encourages customers to remain vigilant and report any suspicious activity immediately.
- The cybersecurity incident at Connex Credit Union, which exposed personal data such as names, account numbers, debit card information, Social Security numbers, and government identification, underscores the importance of robust cybersecurity measures in the banking-and-insurance industry.
- To mitigate risks in the future, technology solutions like regular cybersecurity awareness training, multi-factor authentication, and layered defense technology can strengthen a financial institution's defense against potential attacks in both the finance and cybersecurity sectors.
