SRP FCU Data Breach Affects 240,742 Members - Info Posted on Dark Web

SRP Federal Credit Union (“SRP FCU”), a financial institution serving over 195,000 members, recently experienced a significant data breach that exposed sensitive consumer information. The breach was discovered on November 22, 2024, after the company detected suspicious activity in its computer network.

A subsequent forensic investigation revealed that an unauthorized third party accessed SRP FCU’s systems between September 5, 2024, and November 4, 2024, and potentially acquired certain files during that time.

The breach affected a total of 240,742 individuals across the United States. Specific state-level impacts include 750 individuals in Texas, 29 in Massachusetts and 7 in Maine, as reported to their respective attorney general offices.

The compromised information includes:

• Full names
• Social Security numbers
• Driver’s license numbers
• Financial information (e.g., account numbers, credit or debit card numbers)
• Dates of birth

Fortunately, SRP FCU confirmed that its online banking system and core processing system were not impacted by the breach. However, the nature of the stolen data makes this breach particularly severe, as it involves highly sensitive personal and financial information that could be used for identity theft or financial fraud.

Details about the breach were disclosed to the Maine Attorney General's office, Massachusetts Attorney General's office and the Texas Attorney General's office on December 13, 2024. Affected individuals were notified via written notice sent through U.S. mail on December 12, 2024.

SRP Federal Credit Union's Response

In response to the breach, SRP FCU took immediate action to secure its systems and mitigate further risks. The company implemented its incident response protocols, notified law enforcement, and engaged a forensic security firm to investigate the incident and confirm the security of their systems.

To support affected individuals, SRP FCU is offering a complimentary one-year membership of Experian IdentityWorksSM Credit 3B, a credit monitoring and identity protection service. This service includes features such as credit monitoring across all three major credit bureaus, identity restoration support, and up to $1 million in identity theft insurance. Affected individuals can activate this service by visiting the Experian IdentityWorks website and using the provided activation code.

Additionally, SRP FCU has committed to enhancing its technical security measures to reduce the risk of similar incidents in the future.

Steps for affected individuals to take

If you have been notified that your information was part of this breach, it’s important to take immediate steps to protect yourself. Given the sensitive nature of the compromised data, including Social Security numbers and financial account details, you should:

1. Enroll in the complimentary credit monitoring service provided by SRP FCU. Follow the instructions in your notification letter to activate your Experian IdentityWorks membership.
2. Monitor your financial accounts and credit reports for any unusual or unauthorized activity. You can obtain free weekly credit reports from AnnualCreditReport.com.
3. Place a fraud alert or credit freeze on your credit file. A fraud alert notifies creditors to take extra steps to verify your identity before extending credit, while a credit freeze restricts access to your credit report entirely.
4. Report suspicious activity immediately to your financial institution, law enforcement, and the Federal Trade Commission (FTC). The FTC provides resources for victims of identity theft at www.ftc.gov/idtheft.
5. Be cautious of phishing attempts. Scammers may try to exploit the situation by posing as SRP FCU or other trusted entities. Verify communications and avoid sharing personal information over the phone or email unless you are certain of the recipient’s identity.

For additional guidance, refer to the resources provided in your notification letter or contact Experian’s customer care team for assistance with identity restoration.