First Commonwealth Federal Credit Union - Provides Notice of Data Security Incident
First Commonwealth Federal Credit Union ("First Commonwealth") is a credit union located in Lehigh Valley, Pennsylvania, which experienced a data security incident that may have involved personal information belonging to certain individuals who are either current, or former, members. First Commonwealth is sending notification of this incident via U.S. Mail to potentially impacted individuals and provided resources to assist them. However, First Commonwealth after a diligent search was not readily in possession of mailing addresses for all potentially impacted individuals, and accordingly, this notice is being provided for the benefit of those individuals that could not be contacted via U.S. Mail.
On June 27, 2024, First Commonwealth discovered unusual network activity. In response, it immediately took steps to contain it and initiated an investigation with the assistance of independent cybersecurity experts. The investigation revealed that an unknown actor gained access to and obtained data from the First Commonwealth network without authorization on or around June 26, 2024. On July 1, 2024, after a comprehensive review of the potentially impacted data, First Commonwealth determined that personal information may have been involved. Since that time, First Commonwealth has worked diligently to identify current contact information needed to notify all potentially affected individuals.
First Commonwealth is not aware of any evidence of the misuse of any information potentially involved in this incident. However, on August 2, 2024, First Commonwealth provided notice of this incident to potentially impacted individuals whose address information could be verified. In so doing, First Commonwealth provided information about the incident and about steps that potentially impacted individuals can take to protect their information. First Commonwealth takes the security and privacy of information in its possession very seriously and is taking steps to prevent a similar event from occurring in the future.
The following information may have been involved in the incident: names, addresses, Social Security numbers, dates of birth, or account numbers.