Credit/AdobeStock
The $478 million Liberty First Credit Union in Lincoln, Neb., reported a data breach that may have affected 52,496 persons.
Although the credit union said in a Nov. 25 letter to consumers that the unauthorized access was limited to a portion of Liberty First’s internal network and did not involve its banking, online banking or payment systems, a cybersecurity firm reported that the credit union was hit by a ransomware attack orchestrated by the RansomHub group. The attackers claimed to have exfiltrated 254 GB of sensitive data, including client databases, passports and financial records, according to Halcyon in Austin, Texas, which specializes in ransomware solutions.
In Liberty First’s letter to members filed with Maine’s Attorney Generals office, the breach was discovered on Sept. 17. A week later, the credit union learned the unauthorized third party acquired files that contained some individuals’ personal information, but it didn’t determine until Oct. 21 what specific personal information had been accessed. Liberty First redacted that information from the letter.
“Please note the files acquired by the unauthorized third party did not contain any online banking log-in credentials or debit card number,” Liberty First’s letter stated.
Although the breach affected more than 52,000 people, the credit union currently serves 33,273, according to the NCUA. This could mean the breach also affected former Liberty First employees and members, business partners and vendors.
According to Halcyon, the hackers set a ransom deadline for Liberty First for Sept. 29, but it is unknown whether the credit union responded in any way to the purported attack. The credit union’s president/CEO, Frank Wilbur, did not respond to a CU Times phone and email request for comment.
Comparitech, a consumer website based in Maidstone, England, which provides information, tools, reviews and comparisons on cybersecurity and privacy topics, also tracks and reports on data breaches from around the world, including Liberty First.
“RansomHub’s proof pack did appear to contain balance sheets as well as customer account numbers and balances, however. A customer’s passport was also uploaded,” Comparitech reported last week. “Liberty First Credit Union hasn’t confirmed RansomHub’s claims or whether or not a ransom was demanded or paid.”
A ransomware "proof pack" refers to evidence provided by ransomware attackers to show they successfully encrypted or stole the victim's data, which is part of the extortion process to coerce the victim into paying a ransom.
RansomHub has become the most dominant ransomware group based on the number of postings to its data leak site. Since February 2024, Comparitech said it has tracked 71 confirmed attacks via this group and 399 unconfirmed attacks.
RansomHub is a ransomware-as-a-service variant believed to have ties to Russia, and it often uses a double-extortion technique, demanding a ransom for a decryption key to unlock the company’s systems and another for deleting all of the stolen data, according to Comparitech.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
