BECU

The California Office of the Attorney General disclosed on July 25, 2022, that BECU suffered a vendor network security breach on June 6, 2022, compromising sensitive personal information. The exposed data included names, addresses, account numbers, credit scores, and Social Security numbers of affected individuals. The breach stemmed from a third-party vendor’s security failure, prompting BECU to immediately suspend services with the vendor to mitigate further risk. While the exact number of impacted individuals was not specified in the report, the nature of the leaked data particularly Social Security numbers and financial details poses significant risks for identity theft, financial fraud, and long-term reputational harm. BECU likely initiated notifications to affected members and regulatory bodies, though the article does not detail additional remediation steps like credit monitoring or legal actions against the vendor. The incident underscores vulnerabilities in supply chain cybersecurity, where third-party breaches can expose core customer data held by financial institutions.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-555597

TPRM report: https://www.rankiteo.com/company/becu

"id": "bec1037090725",
"linkid": "becu",
"type": "Breach",
"date": "5/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Banking/Financial Services',
                        'location': 'Washington, USA',
                        'name': "BECU (Boeing Employees' Credit Union)",
                        'type': 'Financial Institution (Credit Union)'},
                       {'name': 'Unnamed Vendor',
                        'type': 'Third-Party Service Provider'}],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': ['names',
                                                         'addresses',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Data']},
 'date_detected': '2022-06-06',
 'date_publicly_disclosed': '2022-07-25',
 'description': 'The California Office of the Attorney General reported that '
                'BECU experienced a vendor network security incident affecting '
                'personal information, including names, addresses, account '
                'numbers, credit scores, and Social Security numbers. BECU '
                'took immediate action by suspending services with the vendor '
                'involved.',
 'impact': {'data_compromised': ['names',
                                 'addresses',
                                 'account numbers',
                                 'credit scores',
                                 'Social Security numbers'],
            'identity_theft_risk': 'High (PII and SSNs exposed)',
            'operational_impact': 'Services suspended with the affected vendor',
            'payment_information_risk': 'Moderate (account numbers exposed)'},
 'references': [{'date_accessed': '2022-07-25',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to the '
                                                       'California Office of '
                                                       'the Attorney General'},
 'response': {'containment_measures': 'Suspended services with the vendor',
              'incident_response_plan_activated': True},
 'title': 'BECU Vendor Network Security Incident (2022)',
 'type': 'Data Breach (Third-Party Vendor)'}