close
close

MOVEit hack exposed personal information of half a million TDECU users

MOVEit hack exposed personal information of half a million TDECU users
Posted on | Posted on Theodore

Texas Dow Employees Credit Union (TDECU) recently disclosed to the Maine Attorney General’s Office that the personal information of over 500,000 of its members was compromised due to a data breach involving the MOVEit file transfer software.

The breach occurred over a year ago but was not discovered until July 2024. It has raised significant concerns about data security and the prolonged exposure of confidential information.

According to a statement from the Maine Attorney General’s Office last week, the compromised data includes names, dates of birth, social security numbers, bank account and credit card numbers, driver’s license numbers and tax identification numbers.

TDECU confirmed that the breach was limited to files transferred via MOVEit and that internal network security remained intact.

TDECU Notification and Support for Affected Members

The company has initiated notification measures to inform those affected by the breach starting August 23, 2024.

Although the credit union offers free credit monitoring services to those whose Social Security numbers were compromised, the long time it took to discover the data breach at TDECU has drawn criticism and highlighted the need for ongoing monitoring and robust cybersecurity practices.

“The fact that the TDECU breach went undetected for so long underscores the critical importance of rigorous and ongoing patch management,” said Darren Guccione, CEO of Keeper Security.

“Several patches were released following the MOVEit attack, and with attacks of this magnitude it is imperative that they are applied promptly. However, applying patches is only part of the solution – systems must also be continuously monitored for signs of unusual activity.”

To mitigate the impact of the breach, TDECU also advised its members to take preventive measures such as setting up fraud alerts or security freezes on their credit files and closely monitoring their financial reports for irregular activity.

The MOVEit data leak and its global impact

The MOVEit data breach, first discovered in May 2023, impacted thousands of organizations worldwide, affecting over 20 million individuals.

The breach was orchestrated by the Cl0p ransomware group, which exploited a vulnerability in the MOVEit software to exfiltrate data from numerous entities.

Ken Dunham, Cyber ​​​​Threat Director at Qualys, stressed that ransomware will remain one of the most widespread and damaging threats in 2024. The MOVEit incident is an example of how high the risk is when data security breaches occur.

“The vulnerability in the MOVEit managed file transfer software continues to be discussed because it is widely exploited,” Dunham noted. “It is important to apply the lessons learned in every organization.”

Adam Gavish, CEO of DoControl, echoed Dunham’s sentiment, adding that the impact of the MOVEit hack could last for months or even years, as stolen data could potentially surface on the dark web or be used in targeted attacks.

Read more about the MOVEit hack: MOVEit Exploitation Fallout Leads to Record Ransomware Attacks

“This situation highlights a critical point (…): the security of your data does not end at your network edge,” Gavish explained. “Organizations must conduct thorough audits of the data they have transferred through MOVEit or similar file transfer services. Understanding what sensitive information may have been exposed is critical to risk assessment and mitigation.”

Photo credit: JHVEPhoto / Shutterstock.com

Leave a Reply

Your email address will not be published. Required fields are marked *