What is the TDECU data breach related to MOVEit Transfer software?

The Texas Dow Employees Credit Union (TDECU) reported a data breach from May 2023 involving the MOVEit Transfer software. The breach exposed the personal information of 500,474 members and was discovered by TDECU on July 30, 2024. The breach is part of a larger global attack that began in June 2023.

What information was compromised in the TDECU data breach?

The compromised data includes full names, dates of birth, Social Security numbers, bank/financial account numbers, credit/debit card numbers, driver’s licenses/government IDs, and taxpayer identification numbers.

How did the TDECU data breach occur?

The breach occurred through a third-party vendor that used the MOVEit Transfer software to facilitate data transfers for TDECU. The vulnerability was part of a global attack, and the vendor failed to report the incident earlier, despite its significant impact.

Is there evidence of fraud or identity theft related to the TDECU breach?

TDECU claims that there is currently no evidence of identity or financial fraud related to this breach. However, the prolonged delay in detecting the breach raises concerns about the potential for future risks, including identity theft or financial fraud.

What concerns are raised by the delayed detection of the TDECU breach?

The delay of over a year in detecting the breach raises concerns about prolonged exposure and the increased risk of future identity theft or financial fraud. It also highlights questions about the third-party vendor’s handling of the incident and why it was not reported sooner.

Incident

Texas Dow Employees Credit Union reports MOVEit related breach 1.5 years after the incident

published: Aug. 26, 2024

Take action: It's unfathomable how or why the third-party vendor did not report the incident earlier, given the massive size of the incident during 2023. If you receive an incident report from a vendor a year after the incident, stop using that vendor immediately. They can't be trusted.

Learn More

The Texas Dow Employees Credit Union (TDECU) is reporting a data breach from May 2023, related to the MOVEit Transfer software that exposed the personal information of 500,474 members.

The breach, part of a larger global attack of vulnerability in MOVEit software that started in June 2023, was only discovered by TDECU on July 30, 2024. The incident involved a third-party vendor that facilitated data transfers for the credit union.

It's unfathomable how or why the third-party vendor did not report the incident earlier, given the massive size of the incident during 2023

During the breach, attackers accessed and potentially exfiltrated sensitive member data, including:

Full names
Dates of birth
Social Security numbers
Bank/financial account numbers
Credit/debit card numbers
Driver’s licenses/government IDs
Taxpayer identification numbers

TDECU claims that there is no current evidence of identity or financial fraud related to this breach. The massive delay in detecting the breach—over a year—raises concerns about prolonged exposure and the potential for future risks like identity theft or financial fraud.

Texas Dow Employees Credit Union reports MOVEit related breach 1.5 years after the incident

Read More
CHI Memorial reports possible data breach
Bitcointry Exchange reports security breach
Iranian IT vendor Tosan allegedly paying ransom to …
Supreme Bar Council of Poland reports third party …
CLEAResult reports MOVEit related data breach