Boeing Employees' Credit Union

The Washington State Office of the Attorney General disclosed a data breach targeting Boeing Employees' Credit Union (BECU) in July 2020, originating from a cyberattack involving skimmers that began on April 1, 2020. The incident compromised sensitive financial data of 4,883 members, including names, card numbers, CVV codes, PINs, and expiration dates. Such exposed information poses significant risks of fraudulent transactions, identity theft, and unauthorized account access, directly impacting members' financial security. The breach was executed through malicious skimming devices or digital skimming techniques, likely deployed on payment systems or online portals. While the attack did not involve ransomware or large-scale systemic disruption, the theft of payment card details especially PINs and CVVs elevates the severity due to the potential for immediate financial exploitation. The breach underscores vulnerabilities in transactional security protocols and highlights the need for robust fraud detection and customer notification mechanisms to mitigate downstream risks like phishing or secondary fraud attempts.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10567

TPRM report: https://www.rankiteo.com/company/becu

"id": "bec550091725",
"linkid": "becu",
"type": "Cyber Attack",
"date": "4/2020",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'customers_affected': '4,883',
                        'industry': 'Financial Services',
                        'location': 'Washington, USA',
                        'name': "Boeing Employees' Credit Union (BECU)",
                        'type': 'Credit Union'}],
 'attack_vector': 'Cyberattack Skimmers',
 'data_breach': {'data_exfiltration': 'Likely',
                 'number_of_records_exposed': '4,883',
                 'personally_identifiable_information': ['names',
                                                         'card numbers',
                                                         'CVV codes',
                                                         'PINs',
                                                         'card expiration '
                                                         'dates'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['payment card data',
                                              'personally identifiable '
                                              'information (PII)']},
 'date_publicly_disclosed': '2020-07-09',
 'description': 'The Washington State Office of the Attorney General reported '
                "a data breach involving Boeing Employees' Credit Union (BECU) "
                'on July 9, 2020. The breach, which began on April 1, 2020, '
                'involved cyberattack skimmers and affected approximately '
                '4,883 BECU members, with potentially compromised data '
                'including names, card numbers, CVV codes, PINs, and card '
                'expiration dates.',
 'impact': {'data_compromised': ['names',
                                 'card numbers',
                                 'CVV codes',
                                 'PINs',
                                 'card expiration dates'],
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'references': [{'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Washington State '
                                                        'Office of the '
                                                        'Attorney General']},
 'title': "Boeing Employees' Credit Union (BECU) Data Breach via Cyberattack "
          'Skimmers',
 'type': 'Data Breach'}