SRP Federal Credit Union, a South Carolina-based financial institution, has suffered a major data breach impacting over 240,000 people. The credit union handles highly sensitive information of hundreds of thousands of Americans, which is now in the hands of cybercriminals.
SRP revealed in a notice that the data breach was part of a two-month-long attack by hackers, raising concerns about how it took the company so long to detect unauthorized entry into its systems. I discuss the details of the data breach, its impact on people, and what you need to do to stay safe.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
What you need to know
SRP Federal Credit Union has reported a data breach that exposed the personal information of more than 240,000 individuals, according to documents filed Friday with regulators in Maine and Texas.
The company said it discovered suspicious activity on its network and notified law enforcement. An investigation determined that hackers accessed the credit union’s systems between Sept. 5 and Nov. 4, potentially acquiring sensitive files. The investigation concluded on Nov. 22, the company said.
SRP did not specify the exact details exposed in its notice to Maine regulators, saying only that names and government-issued identification were affected in the cyberattack.
However, in a filing with Texas regulators, the company said names, Social Security numbers, driver’s license numbers, dates of birth, and financial information—including account numbers and credit or debit card numbers—were compromised. SRP said the breach did not affect its online banking or core processing systems.
WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM
Who’s responsible for the breach
SRP has not disclosed who was behind the attack or the attackers’ motives. However, the ransomware group Nitrogen claimed responsibility last week, alleging it had stolen 650 GB of customer data, according to The Record. Ransomware attacks use malicious software to block access to a victim’s files, systems, or networks and demand payment to restore access.
The credit union could face legal challenges following the data breach, as Oklahoma City-based Murphy Law Firm is investigating claims on behalf of individuals whose personal information was exposed. The firm is also encouraging affected individuals to join a potential class-action lawsuit.
SRP will provide impacted individuals with free-of-charge identity theft protection services, so take advantage of it to safeguard your information.
We reached out to SRP for comment but did not hear back by our deadline.
MASSIVE DATA BREACH EXPOSES 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS
6 ways you can protect yourself from SRP data breach
If you have received a notice from SRP Federal Credit Union about the data breach, consider taking the following steps to protect yourself:
1) Monitor your accounts: Regularly check your bank accounts, credit card statements, and other financial accounts for any unauthorized transactions or suspicious activity. Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to place a fraud alert on your credit report, making it harder for identity thieves to open accounts in your name.
2) Freeze Your Credit: Consider freezing your credit to prevent new accounts from being opened without your consent. This service is free and can be lifted at any time.
3) Use identity theft protection services: Consider enrolling in identity theft protection services that monitor your personal information and alert you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer insurance and assistance with recovering from identity theft, providing additional peace of mind.
My top recommendation is Identity Guard. One of the best parts of using Identity Guard is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
Exclusive CyberGuy deal: 66% off Ultra Annual Plans: Get the Identity Guard Ultra protection to protect your identity and credit for as little as $9.99/mo (lowest offered anywhere) for the first year.
See my tips and best picks on how to protect yourself from identity theft.
4) Change your passwords: Update passwords for your online accounts, especially those related to banking and email. Use strong, unique passwords, and consider using a password manager to generate and store complex passwords. Also, enable two-factor authentication (2F) for added security.
5) Beware of phishing scams: Be cautious of emails, texts, or calls claiming to be from SRP or related organizations. Avoid clicking on links or providing personal information unless you verify the sender.
The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Holiday Special for CyberGuy Readers (ends Friday, 12/20): My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers:
- Option 1: $19 / 5 licenses (protects 5 devices)
- Option 2: $14.95 / 3 devices (protects 3 devices)
6) Keep your device’s operating system updated: Make sure your cell phone and other devices automatically receive timely operating system updates. These updates often include important security patches that protect against new vulnerabilities exploited by hackers. For reference, see my guide on how to keep all your devices updated.
7) Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 190+ data brokers. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Get Incogni for your family (up to 4 people) here
WINDOWS FLAW LETS HACKERS SNEAK INTO YOUR PC OVER WI-FI
Kurt’s key takeaway
The SRP Federal Credit Union data breach is a harsh reminder of how vulnerable our sensitive information can be. Over 240,000 individuals had their personal data compromised, including Social Security numbers, driver’s licenses, and financial details. Even more alarming is the two-month window hackers had to exploit the credit union’s systems before being detected. This highlights significant gaps in cybersecurity protocols. If you’re an SRP customer, monitor your accounts closely, enable fraud alerts, and consider identity theft protection services to stay ahead of potential threats.
Do you think financial institutions should be held more accountable for data breaches like this one? Let us know in the comments below.
FOR MORE OF MY TIPS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.