Over 17,000 impacted in Cross Valley Federal Credit Union data breach

Cross Valley Federal Credit Union, a Wilkes-Barre, Pennsylvania-based financial organisation, said that the data security incident it suffered last year compromised the sensitive personal information of more than 17,000 individuals.

 

In a data security incident notice filed with the Office of Maine Attorney General, Cross Valley said that on December 4, it identified suspicious activity in its internal network. The financial organisation immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Findings from the forensic investigation indicated that some data relating to Cross Valley Members may have been subject to unauthorised access. After a comprehensive review of the findings, Cross Valley identified a population of affected individuals and prepared to mail notices,” the bank said.

 

According to Cross Valley, the compromised data included customers’ names and other personal identifiers such as their Social Security Numbers. The bank’s filing with the Maine state regulator also revealed that at least 17,826 individuals were impacted by the incident.

 

“Since the discovery of the incident, Cross Valley acted quickly to contain the intrusion and secure its network. Cross Valley implemented a number of security enhancements designed to prevent similar incidents from occurring in the future. These enhancements include but are not limited to enhanced security training, additional verification clicks before emails links open, and sandboxing potential email threats,” the bank added.

 

Cross Valley has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through CyberScout to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the ransomware attack on Cross Valley. Cross Valley has also not shared details on who was behind the cyber attack, how much data was compromised, or whether it has received a ransom demand.