The ransomware group, known as Embargo, claimed it stole 300 GB of data from Heritage South. The stolen data allegedly included debit card numbers, account numbers, addresses, dates of birth, phone numbers, email addresses, account balances, and debt, loan and insurance information, according to Comparitech — a consumer-focused cybersecurity and privacy website based in Maidstone, England, which reports on data breaches globally.

“To prove its claim, it (Embargo) posted (on its blog) what it says is the personal information of Heritage South’s CEO (Jamie Payton),” Comparitech reported. “Embargo gave Heritage South until February 18 to pay an undisclosed ransom to delete the stolen data.”

Payton did not respond to a CU Times request for comment.

On Feb. 12, Heritage South reported it had detected suspicious activity within its computer network.

“The forensic investigation determined that an unauthorized third party accessed our computer network on January 7, 2025, and again between February 6, 2025, and February 17, 2025,” the credit union stated in its data breach notification. “The investigation also determined that the third party may have acquired certain Heritage South files during the incident.”

Based on the results of the investigation, those files may have included members’ names, addresses, Social Security numbers, and financial account numbers.

The credit union’s breach notification was filed with the Massachusetts Attorney General’s office.

What’s more, on Feb. 12, Heritage South posted on social media that it was experiencing network issues and was working diligently to restore its systems.

Although on Feb. 14 the credit union said its ATMs were operational, it also said its ATMs were down, a Facebook posting showed. The message added that while its ATMs were not working, its mobile app was functioning normally. The credit union also said it had set up a mobile ATM unit at its main branch in Sylacauga to dispense cash to members.

On Feb. 16, Heritage South issued a fraud alert on social media warning members not to respond to fraudulent text messages. The following day, it reported that its ATMs were operational again and that mobile check deposits were being processed.

On March 1, the credit union issued a second warning advising members not to respond to fraudulent texts. On March 6, it posted a third warning urging caution when responding to unsolicited emails, phone calls or text messages.

In addition to securing its IT systems, Heritage South said it is taking further steps to reduce the risk of similar incidents in the future. The credit union is also offering its members complimentary identity theft protection services for two years.

AOD Federal Credit Union, meanwhile, detected unauthorized access to its network on Aug. 9, 2024, according to a breach notification the credit union filed with that Vermont Attorney General’s Office on March 27.

In response to the breach, AOD secured its network, launched an investigation and notified the FBI.

The credit union stated it had hired external cybersecurity professionals to conduct an extensive forensic investigation and manual document review. The investigation discovered on March 4, 2025, that an unauthorized actor may have accessed or acquired certain files containing personal information between Aug. 8 and Aug. 9, 2024, according to the data breach notification.

The compromised data may have included names combined with one or more of the following: Social Security numbers, dates of birth, bank or financial account numbers, routing numbers, credit or debit card numbers, driver’s license or government ID numbers, clinical or treatment information, health insurance member IDs or group numbers and Taxpayer Identification Numbers. AODFCU noted that the type of information exposed varied by individual.

The credit union recommended that affected members place a one-year fraud alert on their credit files at no charge.

READ MORE: Heritage South CU’s breach notification and AODFCU’s breach notification.

Peter Strozniak can be reached at [email protected].