SRP Federal Credit Union, one of South Carolina’s largest financial institutions, recently disclosed a significant cyberattack that has affected over 240,000 of its members. The breach, which was detected after suspicious activity was noticed on the credit union’s network, occurred between September 5 and November 4, 2024. Upon discovering the unauthorized access, SRP Federal Credit Union immediately alerted law enforcement and launched an investigation to assess the scope of the incident. The investigation concluded on November 22, 2024.
While SRP Federal Credit Union has not provided full details on the nature of the stolen data, it confirmed that sensitive personal information was exposed. The compromised data includes names, Social Security numbers, driver’s license numbers, dates of birth, account numbers, and credit/debit card details. Notably, the credit union emphasized that its online banking system and core processing systems were not impacted by the attack, which may provide some reassurance to affected members.
A ransomware group named Nitrogen claimed responsibility for the cyberattack, asserting that it had stolen approximately 650 GB of data from the credit union’s systems. However, SRP has not confirmed that this was a ransomware attack, and details regarding the specific tactics used by the hackers remain unclear. Nitrogen, a relatively new player in the cybercrime world, had previously taken credit for a high-profile attack on Canadian video game developer Red Barrels, causing significant disruptions to the company’s operations.
The SRP breach highlights ongoing risks in the financial sector, particularly regarding cyberattacks targeting sensitive customer data. It follows a pattern of similar incidents, including widespread outages at other credit unions last year and another attack on a California-based credit union earlier in 2024. These breaches underscore the need for robust cybersecurity measures in protecting financial institutions and their members from increasingly sophisticated cyber threats. The situation remains under investigation, and SRP has assured members that it is taking appropriate steps to address the breach and mitigate future risks.
Reference:
