Over 75,000 people impacted in Lafayette Federal Credit Union data breach

Maryland-based Lafayette Federal Credit Union said the data security incident it suffered last year compromised the sensitive personal information of more than 75,000 individuals.

 

Headquartered in Rockville, Maryland, LFCU is a member-owned financial institution that offers a range of banking services, including checking and savings accounts, loans, mortgages, and investment products. As of November, the credit union served over 57.600 members and had over $2 billion in assets.

 

In a data security incident notice filed with the Office of the Maine Attorney General, LFCU said that on February 5, it detected suspicious activity in its internal network. The bank immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The investigation determined that an unauthorised third party accessed the email account for a brief period on September 16, 2024, and may have acquired the information contained in the account,” the credit union said.

 

The compromised data included names and other personal identifiers along with Social Security Numbers of banking customers. LFCU said in its filing with the Maine state regulator that at least 75,545 individuals were impacted by the incident.

 

“We are taking steps to reduce the risk of this type of incident occurring in the future, including further enhancing our security measures,” LFCU said.

 

While the credit union found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. It has also offered one year of complimentary identity protection and credit monitoring services through Experian IdentityWorks Credit 3B to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the ransomware attack on LFCU. The credit union also did not share details on who was behind the cyber attack, how much data was compromised, or whether it has received a ransom demand.