Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense
Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense

Incident Of The Week: 15K Accounts Breached At U.K. Credit Union

Add bookmark
Dan Gunderman
Dan Gunderman
05/11/2018

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a data breach that affected 15,000 members of a U.K.-based credit union.

Threat actors targeted the Sheffield Credit Union (SCU), and officials have warned against the potential compromise of personally identifiable information (PII). SCU said information including names, addresses, national insurance numbers and bank details were accessed, according to a report from the BBC.

The same report notes that the attack happened on Feb. 14, 2018, but only emerged recently after hackers attempted to demand a ransom on the heisted data.

South Yorkshire Police reportedly worked with the SCU and Action Fraud to ameliorate the situation. The BBC notes that the Information Commissioners Office (ICO) was also made aware of the occurrence. The SCU also said its security has heightened since. Nevertheless, the credit union is being cautious in warning that the incident could find hackers looking to defraud customers.

See Related: Incident Of The Week: Suspected DDoS Attack Disables Co. Site On Election Day

The SCU pointed out in a letter to its members that the breach "may expose you to text messaging, cold calling and attempts to defraud.”

Chairwoman of Trustees, Fiona Greaves, reportedly said that hackers likely accessed the data in a “brute-force” attack, in which they overpower systems with password combinations to crack the proverbial code.

She said that members do not need to assume that the data loss will result in “wholesale fraud,” but that “people need to be aware.” The credit union also suggests that members monitor accounts for anomalous activity.

Incident of the Week Credit Union Data Breach

In a news release on the SCU site, the credit union wrote that in the wake of the attack, “and numerous other similar attacks on businesses large and small,” its aim is to keep members “safe from scammers.”

It offers helpful tips for effective cyber hygiene, some of which include:

  • Use caution in giving out bank details; make sure you are 100% sure it’s the right organization
  • Do not change bank details without thorough vetting/verification
  • Only access a company’s official website; enter by typing the address in the browser
  • Log out of systems after you’ve finished
  • Add virus and malware protection to any device that uses the Internet (including IoT devices)
  • Carry out regular software updates (allow for automatic ones if possible)
  • In downloading software, ensure it’s from a reputable/verifiable source
  • Count on updating your passwords regularly (and making them complex)

While these tips are aimed at the SCU member base, they are largely applicable for the enterprise – as security teams oversee awareness campaigns to educate staffers about proactive cyber behavior/hygiene.

Both health and financial data (highly sensitive) will continue to fall within the crosshairs of hackers. Password offensives such as the “brute-force” attack can become a true thorn in the side of IT security practitioners.

In a recent article for the Cyber Security Hub, Integral Partners’ Director of Information Security Services, Kayne McGladrey, said, “Multi-factor authentication (MFA) that incorporates User Behavior Analytics (UBA) is the lowest-cost and easiest solution for organizations to prevent both credential stuffing and password spraying attacks. These attacks both work because the user account is typically protected with a password which may be stolen or guessed, and which may be reused at multiple websites and cloud services.

“MFA requires that the user provide a second form of authentication to access a cloud service… Modern MFA solutions incorporate UBA, which can require MFA only when the user is doing something unusual… This simple and elegant solution can protect both non-privileged business and privileged users.”

Be Sure To Check Out: Incident Of The Week: Drupal Vuln. Being Exploited By 'Muhstik' Botnet

Tags: Cyber Security IT Enterprise Credit Union Data Breach InfoSec Information Security Incident Response Cyber Tips News Release

Upcoming Events

Building cyber resilience

24 April, 2024
Online

Register Now | View Event
Building cyber resilience

Building high-performing development teams: Harnessing tools, processes & AI

02 May, 2024
Online

Register Now | View Event
Building high-performing development teams: Harnessing tools, processes & AI

Digital Identity Week

June 11 - 13, 2024
Melbourne, Victoria

Register Now | View Agenda | View Event
Digital Identity Week

Anti-Financial Crime Exchange Europe 2024

September 19-20
Frankfurt, Germany

Register Now | View Agenda | View Event
Anti-Financial Crime Exchange Europe 2024
MORE EVENTS

Follow Us

         

Latest Webinars

Building high-performing development teams: Harnessing tools, processes & AI

2024-05-02
11:00 AM - 12:00 PM EDT

Discover how to enhance your development team’s efficiency through advanced tools, Agile methodologi...
Building high-performing development teams: Harnessing tools, processes & AI

Building cyber resilience

2024-04-24
11:30 AM - 12:30 PM SGT

Why it’s essential that technology seamlessly connects IT, security, risk and the business
Building cyber resilience

Strategies to enhance secure customer onboarding

2024-03-27
11:30 AM - 12:30 PM SGT

Focus on achieving speedy and secure customer onboarding and combat user lifecycle fraud with phone...
Strategies to enhance secure customer onboarding
MORE WEBINARS

RECOMMENDED

FIND CONTENT BY TYPE

Cyber Security Hub COMMUNITY

ADVERTISE WITH US

Advertise Now

JOIN THE Cyber Security Hub COMMUNITY

Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Learn more
iqpc logo

Cyber Security Hub, a division of IQPC

© 2024 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC| Contact Us | About Us | Cookie Policy