Texas Dow Employees Credit Union reports MOVEit related breach 1.5 years after the incident
Take action: It's unfathomable how or why the third-party vendor did not report the incident earlier, given the massive size of the incident during 2023. If you receive an incident report from a vendor a year after the incident, stop using that vendor immediately. They can't be trusted.
Learn More
The Texas Dow Employees Credit Union (TDECU) is reporting a data breach from May 2023, related to the MOVEit Transfer software that exposed the personal information of 500,474 members.
The breach, part of a larger global attack of vulnerability in MOVEit software that started in June 2023, was only discovered by TDECU on July 30, 2024. The incident involved a third-party vendor that facilitated data transfers for the credit union.
It's unfathomable how or why the third-party vendor did not report the incident earlier, given the massive size of the incident during 2023
During the breach, attackers accessed and potentially exfiltrated sensitive member data, including:
- Full names
- Dates of birth
- Social Security numbers
- Bank/financial account numbers
- Credit/debit card numbers
- Driver’s licenses/government IDs
- Taxpayer identification numbers
TDECU claims that there is no current evidence of identity or financial fraud related to this breach. The massive delay in detecting the breach—over a year—raises concerns about prolonged exposure and the potential for future risks like identity theft or financial fraud.
