University Federal Credit Union

University Federal Credit Union Data Breach: Another MOVEit Victim

In a recent disclosure, the University Federal Credit Union (UFCU) admitted a data breach related to the cyberattack on third-party software MOVEit earlier this year.

The breach came to light in July when Cl0p listed UFCU as one of its victims.

Following a thorough four-month investigation, UFCU confirmed the breach, revealing crucial details and offering support to affected customers.

The Cause of the Breach

The breach was linked to UFCU’s use of MOVEit, a file-transfer application.

Progress Software, the creator of MOVEit, notified the University Federal Credit Union on May 31, 2023, of a critical vulnerability in the program that allowed hackers to access data stored on MOVEit servers.

Importantly, hackers did not directly infiltrate UFCU’s systems; all compromised files were housed within MOVEit.

University Federal Credit Union collaborated with third-party data security experts to conduct an investigation into the breach. Their findings revealed that an unauthorized party accessed and removed certain files containing confidential customer data stored on the MOVEit platform.

UFCU conducted a thorough review of the compromised files, determining the extent of information that had been leaked, which included names and financial account details.

The University Federal Credit Union Breach Details

The breach at UFCU was discovered after notification from MOVEit, their third-party vendor, during the original attack by Cl0p in May.

Unauthorized users gained access to data stored on the MOVEit software platform. The breach potentially affected 102,650 people and exposed sensitive financial information, including financial accounts and credit and debit card numbers.

Notably, UFCU informed the Attorney General of Maine, as state law imposes strict reporting requirements on breaches affecting its residents.

However, UFCU assured affected customers that, to their knowledge, there is no evidence of their information being used for financial fraud.

Support for Affected Parties

In response to the breach, UFCU has taken proactive measures to support those affected.

They are offering a year of free identity theft protection services to victims.

Additionally, they urge customers to remain vigilant and regularly review their financial account statements and credit reports to detect any fraudulent or irregular activity because, in such cases, stolen data exploitation for various online crimes, including identity theft and fraud, is most likely to happen.

For more news and updates on Cybersecurity, visit The Cybersecurity Club.

Discord.io Data Breach Exposes Sensitive Information of About 760,000 Members

Data of Bangladeshi Citizens Exposed on Government Website

19 Year Old Spanish Hacker Arrested for Stealing Sensitive Data of Over Half a Million Taxpayers and Boasting About It on Podcast

Dating Apps Exposed Database Puts Millions Of Users At Risk