Bayer Heritage Federal Credit Union, headquartered in West Virginia, fell victim to a cyberattack at the end of October 2023, lasting only a day but resulting in the exposure of 61,159 Social Security Numbers (SSNs). The breach, characterized as an external system incident, allowed an unauthorized actor to access Bayer’s systems, obtaining copies of sensitive files, potentially containing SSNs. While the sample consumer notice hints at ransomware involvement through the file name, details about any ransom or Bayer’s response remain undisclosed.
The compromised information includes names of victims, as suggested by the sample notice, with SSNs being explicitly listed in the Maine breach filing. The breach primarily impacts Bayer borrowers, but non-borrower associates may also be affected. The potential ransomware nature of the attack suggests a targeted focus on specific elements of Bayer’s network, explaining the limited data type and scale of exposure.
Bayer Heritage Federal Credit Union initiated investigations immediately after detecting the breach, concluding them around December 1st, 2023. The notification process commenced on February 2nd, 2024, after Bayer compiled a list of impacted individuals. The sensitive nature of the exposed data, especially SSNs, raises concerns about potential malicious identity schemes and unauthorized online sales. Affected parties are advised to secure their accounts, create alternative contact details, limit personal information online, and consider account monitoring services to mitigate potential damages from the breach.
