Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
Last year's vulnerability will not go away.
Texas largest credit union, Texas Dow Employees Credit Union (TDECU), has reported a massive data breach affecting more than 500,000 people. As a result of the incident, social security numbers, bank details and driver's license information could have been compromised.
The leak reportedly occurred due to a vulnerability in the MOVEit Transfer software (CVE-2023-34362) identified last year, through which the Clop group stole the data of over a hundred companies.
According to a statement from TDECU, the potential access to sensitive data was obtained by the attackers between May 29 and May 31, 2023. Even though the credit union's core security network was not breached, the leak occurred through a third-party provider that handled the data transmission.
A statement filed with the Maine Attorney General's Office indicated that the incident affected 500,474 people. TDECU has begun sending notifications to all victims and offers free credit monitoring services to those whose social security numbers may have been compromised.
At the moment, even though more than a year has passed since the leak, there have been no cases of fraud using stolen data, but TDECU strongly recommends that members of the union be vigilant.
Cyber expert Ken Dunham of the Qualys Threat Research Unit noted that vulnerabilities like the one exploited in MOVEit continue to pose a serious threat. Groups like Cl0p are exploiting these vulnerabilities to generate significant financial gains, he said. Dunham stressed the importance of proactive measures, such as regular testing and drilling, to effectively protect against cyber threats.
Organizations should conduct regular security audits, assess vulnerabilities, and train employees to minimize the risk of data breaches and protect sensitive customer information.
Source
Texas largest credit union, Texas Dow Employees Credit Union (TDECU), has reported a massive data breach affecting more than 500,000 people. As a result of the incident, social security numbers, bank details and driver's license information could have been compromised.
The leak reportedly occurred due to a vulnerability in the MOVEit Transfer software (CVE-2023-34362) identified last year, through which the Clop group stole the data of over a hundred companies.
According to a statement from TDECU, the potential access to sensitive data was obtained by the attackers between May 29 and May 31, 2023. Even though the credit union's core security network was not breached, the leak occurred through a third-party provider that handled the data transmission.
A statement filed with the Maine Attorney General's Office indicated that the incident affected 500,474 people. TDECU has begun sending notifications to all victims and offers free credit monitoring services to those whose social security numbers may have been compromised.
At the moment, even though more than a year has passed since the leak, there have been no cases of fraud using stolen data, but TDECU strongly recommends that members of the union be vigilant.
Cyber expert Ken Dunham of the Qualys Threat Research Unit noted that vulnerabilities like the one exploited in MOVEit continue to pose a serious threat. Groups like Cl0p are exploiting these vulnerabilities to generate significant financial gains, he said. Dunham stressed the importance of proactive measures, such as regular testing and drilling, to effectively protect against cyber threats.
Organizations should conduct regular security audits, assess vulnerabilities, and train employees to minimize the risk of data breaches and protect sensitive customer information.
Source
