Texas Dow Employees Credit Union (TDECU) is notifying over 500,000 individuals that their personal information was compromised in the MOVEit campaign last year.
Conducted by the Russian-speaking Cl0p ransomware group, the hack came to light on May 31, 2023, when Progress Software warned that hackers had exploited a zero-day in the MOVEit Transfer managed file transfer (MFT) software, tracked as CVE-2023-34362, to access customer data.
More than 2,700 organizations and roughly 96 million people are estimated to have been affected by the attack, cybersecurity firm Emsisoft says.
Last week, TDECU informed the Maine Attorney General’s Office that it’s sending notification letters to 500,474 individuals to inform them that files containing the personal information of its members were stolen from MOVEit during the hack.
In a notice on its website, the credit union said it determined on July 30, 2024, that the compromised information includes names, dates of birth, Social Security numbers, bank account numbers, credit card numbers, driver’s license numbers, other ID numbers, and taxpayer identification numbers.
“To date, TDECU is not aware of any incidents of identity fraud or financial fraud as a result of the incident,” the organization said.
However, the credit union is providing the impacted individuals with 12 months of free credit monitoring services and encourages them to place fraud alerts on their credit files, or request a security freeze if they are very concerned about fraud or identity theft.
The organization underlined that the incident was limited to files transferred using MOVEit and that its network’s security was not compromised.
In June, shortly after Progress Software announced patches for two new MOVEit vulnerabilities, the non-profit cybersecurity organization Shadowserver Foundation warned that it was already seeing the first exploitation attempts targeting the bugs.
Related: University System of Georgia Says 800,000 Impacted by MOVEit Hack
Related: Arden Claims Service Reports Data Breach, 139,000 Affected
Related: Morgan Stanley to Pay $35M Fine for Exposing Information of Millions of Customers
Related: Over 15.1 Billion Records Exposed in Data Breaches in 2019
