Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

500k Impacted by Texas Dow Employees Credit Union Data Breach

The personal information of 500,000 Texas Dow Employees Credit Union members was compromised in the MOVEit hack last year.

Texas Dow Employees Credit Union (TDECU) is notifying over 500,000 individuals that their personal information was compromised in the MOVEit campaign last year.

Conducted by the Russian-speaking Cl0p ransomware group, the hack came to light on May 31, 2023, when Progress Software warned that hackers had exploited a zero-day in the MOVEit Transfer managed file transfer (MFT) software, tracked as CVE-2023-34362, to access customer data.

More than 2,700 organizations and roughly 96 million people are estimated to have been affected by the attack, cybersecurity firm Emsisoft says.

Last week, TDECU informed the Maine Attorney General’s Office that it’s sending notification letters to 500,474 individuals to inform them that files containing the personal information of its members were stolen from MOVEit during the hack.

In a notice on its website, the credit union said it determined on July 30, 2024, that the compromised information includes names, dates of birth, Social Security numbers, bank account numbers, credit card numbers, driver’s license numbers, other ID numbers, and taxpayer identification numbers.

“To date, TDECU is not aware of any incidents of identity fraud or financial fraud as a result of the incident,” the organization said.

However, the credit union is providing the impacted individuals with 12 months of free credit monitoring services and encourages them to place fraud alerts on their credit files, or request a security freeze if they are very concerned about fraud or identity theft.

The organization underlined that the incident was limited to files transferred using MOVEit and that its network’s security was not compromised.

Advertisement. Scroll to continue reading.

In June, shortly after Progress Software announced patches for two new MOVEit vulnerabilities, the non-profit cybersecurity organization Shadowserver Foundation warned that it was already seeing the first exploitation attempts targeting the bugs.

Related: University System of Georgia Says 800,000 Impacted by MOVEit Hack

Related: Arden Claims Service Reports Data Breach, 139,000 Affected

Related: Morgan Stanley to Pay $35M Fine for Exposing Information of Millions of Customers

Related: Over 15.1 Billion Records Exposed in Data Breaches in 2019

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights