Lydia Wedlock, editorial assistant, The Credit Union Connection
Cross Valley Federal Credit Union has informed members of a data breach incident. In a letter sent out to members on December 4, 2024, Cross Valley discovered that there had been unauthorized access on its network and immediately took steps to secure its network and contain the intrusion.
Additionally, the letter listed steps Cross Valley took to prevent more incidents in the future, such as additional verification clicks before links in emails open and enhanced security training.
We reached out to Cross Valley for comment, and they said they’d been advised by attorneys not to comment at this time. However, Chief Experience Officer Jill McGlynn did inform us that the “data extortion” incident did not disrupt business in any way and that the hackers did not have access to its core banking system.
Data breaches have a become a threat more credit unions have had to face. Back in the summer of 2024, Patelco Credit Union was hit with a ransomware attack that took down its essential computer functions and disrupted online banking services. During the autumn of the same year, SRP Federal Credit Union was attacked by a ransomware group called Nitrogen, and while its online banking systems and core processing were not affected, they did access the sensitive personal data of its members.
As a whole, financial institutions are continuing to get hit hard by data breaches. According to data from Kroll, the finance sector placed second when it comes to industries hit most by data breaches, just behind the healthcare industry. However, the data also found that the gap between first and second place was incredibly small and that ranking will probably continue to shift depending on which industries the bad actors decide to target. Additionally, while ransomware attacks as a whole have decreased when compared to 2023, they still remained a serious threat throughout 2024.
As for the types of fraud bad actors are committing once they’ve gotten their hands on the data from data breaches, Kroll found that the most common type between 2023 and 2024 was new credit card fraud. Other types of financial fraud that made the list were auto loan account fraud, new bank account fraud, and payday loans.
With this dramatic increase in fraud, credit unions have to work even harder to protect themselves and their computer systems. Having a cybersecurity and risk strategy in place can help mitigate the damage caused by hackers. At the same time, credit unions need to make sure that they are informing their members how to protect themselves and their accounts, especially if they regularly use your online banking services. Make sure that members can set up two-factor authentication on their online and mobile accounts, and if you offer identity theft protection services, inform members on where they can apply for those services. Your credit union should also make it clear where to go if at any point members believe their accounts have been compromised.
Cyber-attacks and data breaches are going to continue happening no matter what, so credit unions and their IT have to be on alert every day and act fast if and when a breach does happen. Credit unions also need to make sure that they are giving the proper amount of time and investment into their IT departments so they can keep up with whatever tricks hackers and scammers come up with next and develop even better systems to protect and defend against them. Finally, memberships need to be informed on best practices to protect their accounts from scams and hackers.