SYLACAUGA, Ala.–An Alabama Credit Union has been hit by a ransomware group that claims to have stolen 300 gigabytes of member information and which has threatened to publish the information.
The $181.3-million Heritage South Credit Union has confirmed an unauthorized third party penetrated its computer network initially on Jan. 7, 2025, and again between Feb. 6, 2025, and Feb. 17, 2025, during which the hackers may have gained access to member data.
According to a recent report on the dark web, the ransomware group known as EMBARGO has claimed responsibility for the cyberattack, ClaimDepot.com reported. EMBARGO claims to have obtained approximately 300 GB of data from Heritage South Credit Union, including sensitive personal and financial information. The group has threatened to publish the stolen data within a few days, the report states.
At Least 2 Members Affected
The data breach notification filed with the Massachusetts Attorney General’s office indicates that two individuals in Massachusetts have been affected by the incident, ClaimDepot reported. The total number of individuals affected across other states has not yet been publicly disclosed.
The report filed with the Massachusetts Attorney General indicates that on Feb. 12 Heritage South Credit Union detected suspicious activity within its computer network and that it immediately began an internal investigation, notified law enforcement, and took steps to secure its systems. Heritage South Credit Union said it also immediately engaged a forensic security firm to assist with the investigation and ensure the security of its network.
PII Obtained
The forensic investigation revealed that the information stolen contains member Social Security numbers, account numbers, names and addresses, phone number and email addresses may have been obtained.
The credit union did not say how the breach occurred or how its systems were penetrated. It said it has enhanced its security since the breach and is offering members complimentary two-year membership to Experian IdentityWorks Credit 3B, which helps detect possible misuse of personal information and provides identity protection services focused on immediate identification and resolution of identity theft, according to the company.
A copy of the full data breach notification letter sent to affected individuals is available on the Massachusetts Attorney General’s website.
Fourth Such Recent Breach
As The CU Daily has recently reported, breaches have also been announced by:
In addition, TransUnion has just released a report saying data breach ‘severity’ has hit new highs. That story is here.
For all of the credit unions, law firms have already posted notices seeking plaintiffs for potential class actions.
