First Financial Credit Union Confirms Data Breach Resulted in Leaked Member Data

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

Recently, First Financial Credit Union (“FFCU”), based in Albuquerque, New Mexico, filed official notice of a data breach. The company also posted notice of the data security incident on its website. This notice explains that an unauthorized party was able to access certain FFCU files containing sensitive member data. More specifically, the leaked information includes members’ names, addresses, Social Security numbers, driver’s license numbers, government ID numbers, bank account information and credit card information. On April 6, 2022, First Financial provided official notice of the incident by sending all affected parties a “NOTICE OF DATA SECURITY INCIDENT.”

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the First Financial Credit Union data breach, please see our recent piece on the topic here.

More Details Related to the First Financial Credit Union Data Breach

Based on the information provided by FFCU in its most recent letter to members, the company recently learned that an unauthorized party was able to access portions of the FFCU computer network. While FFCU did not have any indication that the unauthorized party had used the information they obtained, the company launched an investigation into the incident. FFCU did so to both learn more about the cause of the incident as well as to determine if any member information was leaked.

Through this investigation, FFCU learned that some of the files that were accessible to the unauthorized party contained sensitive member information and that the unauthorized party had access to the company’s network between January 17 and February 6, 2022.

Once FFCU discovered that sensitive consumer data was leaked, the company then engaged in a detailed review of the compromised information to determine exactly what information was exposed and to whom it belonged. While the compromised information varies depending on the member, it may include your name, address, Social Security number, driver’s license or government ID number, bank account number and credit or debit card number.

On April 6, 2022, First Financial Credit Union sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About First Financial Credit Union

First Financial Credit Union is a financial services company based in Albuquerque, New Mexico. Founded by ten employees of Bell Telephone Company in 1937, FFCU initially only served employees of the company. However, as time went on, FFCU decided to broaden its member base. Today, First Financial Credit Union serves employees of more than 200 companies. The credit union offers the traditional services one would expect at a bank or credit union, including individual and business checking and savings accounts, mortgage loans, student loans, and personal loans. First Financial Credit Union has 286 people working for the company and generates approximately $28 million in revenue each year.

What Are a Company’s Data Security Obligations?

Under state and federal data breach and consumer protection laws, businesses and other organizations owe a duty to consumers to protect the sensitive information consumers trust them with. For years, this duty was easily met; as long as a company didn't intentionally use consumer data for illegal purposes, they stayed on the right side of the law. However, in more recent decades, the job of businesses has become much harder due to the ever-present threat cybercriminals pose to consumer data.

No longer can a company passively store consumer data. Today, businesses must employ high-tech data security systems to keep hackers and other cybercriminals at bay. Most organizations understand the importance of consumer privacy and the risks of allowing an individual’s data to end up in the hands of a hacker. However, the duty to maintain sensitive information is constantly evolving as hackers develop new and more sophisticated ways of orchestrating cyberattacks. Thus, organizations must continually update the data security measures they use to ensure they stay up-to-date against the most current threats.

If a business fails to maintain an adequate data security system and cybercriminals are able to exploit this weakness, victims of the breach may be able to pursue a data breach class action lawsuit against the company.

Data breach victims who are interested in learning more about their rights and what bringing a data breach class action lawsuit entails should reach out to a data breach attorney for assistance.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide