BECU Notifies Impacted Members of Data Breach
The breach unveils personal information of an undisclosed number of BECU members.
The Tukwila, Wash.-based BECU began notifying impacted members on July 25 of a third-party data breach that uncovered the names, Social Security numbers, addresses and account information of an undisclosed number of members at the $29.5 billion credit union.
According to statements from BECU, the data breach was discovered on June 6 after the credit union’s printing vendor disclosed that sensitive personal and identifiable information belonging to BECU members had been compromised.
BECU stated the vendor, which prints monthly statements for BECU members, “experienced a network security incident that impacted their printing and notification services for our members and involved unauthorized access to certain data of some members. At that time, BECU took immediate measures to protect member information by suspending services with the vendor.”
According to BECU, once the breach was discovered, “The vendor engaged a third-party forensics firm to investigate the incident to identify what data was accessed and to restore operations. We continued to communicate with the vendor regularly throughout the investigation to monitor and understand implications for members.”
By July 5, BECU was able to determine the member information compromised by the data breach after the third-party forensics firm analyzed the breach. “We are satisfied with the steps the vendor has undertaken and have resumed regular operations,” BECU stated.
BECU did not state how many of the credit union’s 1.3 million members were impacted by the breach, but the credit union stated it “determined which members were affected by this incident.”
It’s also unclear when the data breach occurred. A statement on BECU’s website indicated the breach could have started in May. “Members impacted by this incident can review their notification letter for steps to take to protect their accounts, including an offer for free credit monitoring protection and suggestions to monitor their financial statements and credit reports for any suspicious or authorized activity, beginning in mid-May.”
Since notices began going out to BECU members on July 25, multiple law firms that specialize in data breach lawsuits have posted about “legal remedies” for those members who were impacted by the breach.