Embargo ransomware group claims 300GB data theft from Alabama credit union

Alabama-based Heritage South Credit Union said it suffered a serious data security incident in February that compromised the sensitive personal information of its customers.

 

Originally chartered in 1937, Alabama-based Heritage South Credit Union offers a range of banking services, including checking and savings accounts, loans, mortgages, and investment products. The bank has more than 14,000 members in Sylacauga, Childersburg, Moody, and Alexander City in Alabama and has more than $160 million in assets under management.

 

In a filing with the Office of Attorney General of Massachusetts, Heritage South said that on February 12, it identified suspicious activities in its internal network. The financial organisation immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident and notified relevant law enforcement authorities.

 

“The forensic investigation determined that an unauthorised third party accessed our computer network on January 7, 2025, and then between February 6, 2025, and February 17, 2025. The investigation also determined that the third party may have acquired certain Heritage South files during the incident,” reads the notice.

 

The compromised data included members’ names, addresses, Social Security numbers, and financial account numbers. The notice, however, does not state the number of affected individuals.

 

“We are taking further steps to reduce the risk of this type of incident occurring in the future, including enhancing our technical security measures,” Heritage South added.

 

The credit union has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered two years of complimentary identity protection and credit monitoring services through Experian IdentityWorks Credit 3B to all affected individuals.

 

On February 14, the Embargo ransomware group claimed responsibility for the cyber attack on Heritage and listed it as a victim on its data leak site.

 

 

The group claimed to be in possession of 300GB of organisation’s data and threatened to leak the same after February 18 if the credit union didn’t pay a ransom. The credit union did not address the hacker group’s claims or whether it paid a ransom to regain access to the stolen data.