SRP Federal Credit Union, a South Carolina-based financial institution, had a major data breach impacting more than 240,000 people. 

The credit union handles highly sensitive information of hundreds of thousands of Americans, which is now in the hands of cybercriminals. 

SRP revealed in a notice that the data breach was part of a two-month attack by hackers, raising concerns about how it took the company so long to detect unauthorized entry into its systems. I discuss the details of the data breach, its impact on people and what you need to do to stay safe.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What you need to know

SRP Federal Credit Union has reported a data breach that exposed the personal information of more than 240,000 individuals, according to documents filed Friday with regulators in Maine and Texas. 

The company said it discovered suspicious activity on its network and notified law enforcement. An investigation determined that hackers accessed the credit union’s systems between Sept. 5 and Nov. 4, potentially acquiring sensitive files. The investigation concluded on Nov. 22, the company said.

SRP did not specify the exact details exposed in its notice to Maine regulators, saying only that names and government-issued identification were affected in the cyberattack. 

However, in a filing with Texas regulators, the company said names, Social Security numbers, driver’s license numbers, dates of birth and financial information, including account numbers and credit or debit card numbers, were compromised. SRP said the breach did not affect its online banking or core processing systems.

Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

Who’s responsible for the breach

SRP has not disclosed who was behind the attack or the attackers’ motives. However, the ransomware group Nitrogen claimed responsibility last week, alleging it had stolen 650 GB of customer data, according to The Record. Ransomware attacks use malicious software to block access to a victim’s files, systems or networks and demand payment to restore access.

The credit union could face legal challenges following the data breach, as Oklahoma City-based Murphy Law Firm is investigating claims on behalf of individuals whose personal information was exposed. The firm is also encouraging affected individuals to join a potential class-action lawsuit.

SRP will provide impacted individuals with free-of-charge identity theft protection services, so take advantage of it to safeguard your information.

We reached out to SRP for comment but did not hear back by our deadline.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

A person working on their laptop (Kurt “CyberGuy” Knutsson)

MASSIVE DATA BREACH EXPOSES 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS

7 ways you can protect yourself from SRP data breach

If you have received a notice from SRP Federal Credit Union about the data breach, consider taking the following steps to protect yourself.

1. Monitor your accounts: Regularly check your bank accounts, credit card statements and other financial accounts for any unauthorized transactions or suspicious activity. Contact one of the three major credit bureaus (Equifax, Experian or TransUnion) to place a fraud alert on your credit report, making it harder for identity thieves to open accounts in your name.

2. Freeze your credit: Consider freezing your credit to prevent new accounts from being opened without your consent. This service is free and can be lifted at any time.

3. Use identity theft protection services: Consider enrolling in identity theft protection services that monitor your personal information and alert you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer insurance and assistance with recovering from identity theft, providing additional peace of mind. See my tips and best picks on how to protect yourself from identity theft.

4. Change your passwords: Update passwords for your online accounts, especially those related to banking and email. Use strong, unique passwords and consider using a password manager to generate and store complex passwords. Also, enable two-factor authentication for added security.

5. Beware of phishing scams: Be cautious of emails, texts or calls claiming to be from SRP or related organizations. Avoid clicking on links or providing personal information unless you verify the sender.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Keep your device’s operating system updated: Make sure your cellphone and other devices automatically receive timely operating system updates. These updates often include important security patches that protect against new vulnerabilities exploited by hackers. For reference, see my guide on how to keep all your devices updated.

7. Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach. Check out my top picks for data removal services here.

WINDOWS FLAW LETS HACKERS SNEAK INTO YOUR PC OVER WI-FI

Kurt’s key takeaway

The SRP Federal Credit Union data breach is a harsh reminder of how vulnerable our sensitive information can be. Over 240,000 individuals had their personal data compromised, including Social Security numbers, driver’s licenses and financial details. Even more alarming is the two-month window hackers had to exploit the credit union’s systems before being detected. This highlights significant gaps in cybersecurity protocols. If you’re an SRP customer, monitor your accounts closely, enable fraud alerts and consider identity theft protection services to stay ahead of potential threats.

Do you think financial institutions should be held more accountable for data breaches like this one? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

On Wednesday, the EU Commission submitted draft recommendations to Apple regarding changes that would make the iOS operating system more compatible with third-party devices like smartwatches, earbuds, and headsets. The Commission is also proposing measures to improve how Apple communicates with developers who make interoperability requests for iOS and iPadOS, including increased transparency around internal features and rejections.

The EU’s proposed iOS interoperability measures cover interactivity features like automatic audio switching, background activity like maintaining Bluetooth and network connections, and notifications — which could address long-standing complaints from iPhone users who are unable to send quick replies from connected Garmin watches, for example. The EU also proposes several measures to improve iOS data transfer interoperability across Airdrop, Airplay, media casting, Wi-Fi sharing, and close-range file transfers, alongside device configuration measures covering proximity-triggered pairing and automatic Wi-Fi connectivity.

Apple has raised concerns about the DMA’s interoperability mandates, as you’d expect. In a white paper published shortly after the EU’s announcement, Apple criticized “data-hungry companies” like Meta that have made numerous requests to access the iPhone maker’s software tools.

“Meta has made 15 requests (and counting) for potentially far-reaching access to Apple’s technology stack that, if granted as sought, would reduce the protections around personal data that our users have come to expect from their devices,” Apple said in the paper. “If Apple is forced to allow access to sensitive technologies that it has no ability to protect, the security risks would be substantial and virtually impossible to mitigate.”

Apple doesn’t specify which of the EU’s DMA proposals it takes issue with, generalizing them in their entirety as a risk to user privacy. Meta has hit back about being targeted in Apple’s complaint and says the iPhone maker is being anticompetitive.

“What Apple is actually saying is they don’t believe in interoperability,” an unnamed Meta spokesperson said in a statement to Bloomberg. “Every time Apple is called out for its anticompetitive behavior, they defend themselves on privacy grounds that have no basis in reality.”

The Commission is requesting feedback from companies seeking interoperability with Apple by January 9th, 2025. The interoperability recommendations proposed by the EU Commission are subject to change depending on submitted feedback. The final, legally-binding measures applying to Apple are expected to be finalized before March 2025. If Apple doesn’t comply then the EU may launch a formal investigation next year, and could be liable for fines up to 10 percent of its global annual sales.

Online financial scams have become increasingly sophisticated, targeting unsuspecting individuals through various deceptive techniques. Cybercriminals exploit trust and create convincing scenarios to steal personal and financial information, often using well-known platforms like PayPal as their hunting ground.

Take Paul from Massachusetts, for example. He recently wrote to us about his disturbing experience. It serves as a cautionary tale about the dangers of online financial transactions. Here’s his account in his own words.

“I wanted to sign up for PayPal and used Google to get the website. After the ‘website’ popped up, it asked me for the usual name, address, etc. and my credit card number with the expiration and 3-digit code. Almost immediately, I received a flash message from my credit card company asking if I made a purchase at a company in OKLA. I live in MA and had the card in my lap. The information was stolen, and a purchase was made almost immediately.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

“The credit card company tried to contact where the purchase was made but the telephone number was a fake. The thieves tried a second purchase which was declined as the credit card company closed my account. This all happened in a 10-minute span.”

Paul, we’re sorry to hear that this happened to you. Unfortunately, your experience is not uncommon, but by sharing your story, you’re helping others learn how to avoid similar scams.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Key takeaways from Paul’s experience

Paul’s unfortunate encounter with online fraud offers several important lessons. First, scammers have become adept at creating highly convincing fake websites that can easily fool unsuspecting users. These sites often mimic legitimate platforms down to the smallest details, making it crucial to verify the authenticity of any site requesting personal information.

Second, fraudulent transactions can occur with alarming speed once scammers obtain sensitive data. In Paul’s case, the thieves attempted to make purchases within minutes of acquiring his credit card information.

Third, credit card companies have developed sophisticated systems to detect suspicious activity rapidly, which can help mitigate potential losses. Paul’s credit card company quickly alerted him to the unauthorized transaction and took swift action to prevent further fraud.

Lastly, this incident underscores the critical importance of digital vigilance and careful online navigation. Always take the time to verify the authenticity of websites before entering any personal or financial information, especially when dealing with financial services or online payments.

A man typing on his laptop (Kurt “CyberGuy” Knutsson)

BEWARE OF THIS LATEST PHISHING ATTACK DISGUISED AS AN OFFICIAL EMAIL SENT BY GOOGLE

How to protect yourself from online financial scams

Protecting your financial information online is crucial. Here are some important steps you can take to safeguard yourself against cyber threats:

Verify the website’s authenticity: Before entering any personal information online, always double-check the URL of the website you’re visiting. Look for “https://” at the beginning of the address and a padlock icon in the address bar, which indicates a secure connection. To ensure you’re on the correct site, type the web address directly into your browser instead of relying on search engine results or clicking on links from emails.

Be wary of unsolicited communications: Legitimate companies will never send unsolicited emails asking for sensitive information. Avoid clicking on links in emails claiming to be from financial institutions, as these could be phishing attempts. Hover over the links to see the actual URL before clicking, as this can help you identify suspicious or misleading addresses. If you’re unsure about a communication, log in to your account directly through the official website or app to check for any notifications or requests.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Use strong authentication methods: Enable two-factor authentication on all your financial accounts to add an extra layer of security. Create unique, complex passwords for each of your accounts, avoiding the temptation to reuse passwords across multiple sites. Consider using a reputable password manager to help you generate and store strong passwords securely.

Monitor your accounts regularly: Make it a habit to check your financial accounts frequently for any unauthorized activities or suspicious transactions. Set up alerts for transactions on your credit cards and online payment accounts so you can be immediately notified of any activity on your accounts.

Be cautious with personal information: Never share your passwords or answers to security questions with anyone, no matter how trustworthy they may seem. Be skeptical of any requests for personal information, especially those that create a sense of urgency. Legitimate organizations will not pressure you to provide sensitive data immediately.

Use secure payment methods: When making purchases from unknown sellers, use protected payment options that offer buyer protection. Consider using credit cards for online purchases, as they often provide better fraud protection than debit cards. If a website offers multiple payment options, choose the most secure method available.

Use caution with public Wi-Fi: Avoid using public Wi-Fi networks for financial transactions, as these can be easily compromised. If you must access financial accounts while away from home, use a secure VPN connection to protect against being tracked and to identify your potential location on websites that you visit. Many sites can read your IP address and, depending on their privacy settings, may display the city from which you are corresponding. A VPN will disguise your IP address to show an alternate location. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

A man typing on his laptop (Kurt “CyberGuy” Knutsson)

SCAMMERS EXPLOIT GRIEF WITH FAKE FUNERAL STREAMING ON FACEBOOK

What to do if you suspect a scam

1. Act quickly: If you suspect your information has been compromised, change your passwords immediately.

2. Contact the company: Report any suspicious activity to the security team of the affected platform.

3. Alert your bank: Notify your bank or credit card company about potential fraudulent activities.

4. Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of my No. 1 pick is that they have identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

5. Report the incident: Forward suspicious emails to the appropriate authorities and delete them from your inbox.

6. Monitor your credit: Keep a close eye on your credit reports for any unauthorized activities.

HOW SCAMMERS USE YOUR PERSONAL DATA FOR FINANCIAL SCAMS AND HOW TO STOP THEM

Kurt’s key takeaways

Protecting your financial information online is more crucial than ever. Paul’s experience serves as a stark reminder of how quickly things can go wrong when we let our guard down. By following the guidelines outlined above and remaining vigilant, you can significantly reduce the risk of falling victim to online financial scams. Remember, when it comes to your financial information, it’s always better to err on the side of caution. Take the extra time to verify websites, and be skeptical of unsolicited requests for information. Your financial security is worth the effort.

How do you think the responsibility for online security should be shared between individuals, companies and governments? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.