ABNB Federal Credit Union

The Vermont Office of the Attorney General disclosed a data breach at ABNB Federal Credit Union on December 22, 2023, stemming from vulnerabilities in the MOVEit Transfer software. Unauthorized actors exploited these flaws between May 27 and 31, 2023, gaining access to the personal information of an undisclosed number of members. While the breach exposed sensitive data, there is no evidence of fraud or misuse tied to the compromised accounts. The incident highlights risks associated with third-party software vulnerabilities, particularly in financial institutions where member trust and data security are critical. The lack of confirmed fraud suggests containment measures may have mitigated immediate harm, but the exposure of personal information remains a significant concern for affected individuals and regulatory compliance.

Source: https://ago.vermont.gov/document/2023-12-22-abnb-federal-credit-union-progress-software-moveit-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/abnb-federal-credit-union

"id": "abn733082025",
"linkid": "abnb-federal-credit-union",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Unknown number of members',
                        'industry': 'Financial Services',
                        'location': 'Vermont, USA',
                        'name': 'ABNB Federal Credit Union',
                        'type': 'Credit Union'}],
 'attack_vector': 'Exploitation of software vulnerability (MOVEit Transfer)',
 'data_breach': {'data_exfiltration': 'Yes (unauthorized access)',
                 'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (personal information)',
                 'type_of_data_compromised': 'Personal information'},
 'date_publicly_disclosed': '2023-12-22',
 'description': 'The Vermont Office of the Attorney General reported a data '
                'breach involving ABNB Federal Credit Union on December 22, '
                '2023. The breach was related to vulnerabilities in the MOVEit '
                'Transfer software, and unauthorized access occurred between '
                'May 27 to 31, 2023, affecting personal information of an '
                'unknown number of members. There is no evidence of fraud '
                'related to the affected accounts.',
 'impact': {'data_compromised': ['Personal information'],
            'identity_theft_risk': 'No evidence of fraud (as of disclosure)',
            'systems_affected': ['MOVEit Transfer']},
 'initial_access_broker': {'entry_point': 'MOVEit Transfer vulnerability'},
 'investigation_status': 'Ongoing (no evidence of fraud as of disclosure)',
 'post_incident_analysis': {'root_causes': 'Exploitation of MOVEit Transfer '
                                           'vulnerability'},
 'references': [{'date_accessed': '2023-12-22',
                 'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Vermont Office of the '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Public disclosure via Vermont Office '
                                        'of the Attorney General'},
 'title': 'Data Breach at ABNB Federal Credit Union via MOVEit Transfer '
          'Vulnerability',
 'type': 'Data Breach',
 'vulnerability_exploited': 'MOVEit Transfer vulnerability'}