University Federal Credit Union has disclosed a data breach linked to the cyberattack on third-party software MOVEit earlier this year, further expanding the list of victims attributed to the Russia-based Cl0p group. This notorious ransomware gang previously claimed the credit union as a victim in July, a claim substantiated by the institution’s recent statement to its customers.
After a thorough four-month investigation, the credit union confirmed the breach, which had initially been brought to their attention by MOVEit during Cl0p’s attack in May. According to the credit union, MOVEit reported a global data security event that granted unauthorized users access to data stored on its software platform.
The credit union, following Maine’s stringent reporting requirements on data breaches affecting its residents, informed the state’s attorney general about the breach, potentially affecting 102,650 individuals. The breach exposed financial account and credit/debit card numbers. While the credit union does not have evidence of financial fraud, it acknowledges that the stolen data could be exploited for online crimes, including fraud and identity theft, placing thousands of Americans at risk.
To assist affected customers, the credit union is offering a year of free identity theft protection services and advising vigilance in monitoring financial account statements and credit reports for any signs of fraudulent or irregular activity. The credit union continues to actively monitor the situation, emphasizing the need for ongoing vigilance in the face of potential future attacks leveraging the exposed data.