On June 1, 2023, the Maine Office of the Attorney General disclosed a data breach at Diamond Lakes Federal Credit Union, occurring between December 1–6, 2022. The incident stemmed from unauthorized access (hacking) to an employee’s email account, compromising sensitive data. Approximately 22,662 individuals were affected, with exposed information potentially including financial account numbers and other personally identifiable details. While the breach did not involve ransomware or systemic disruption, the exposure of financial data posed risks of identity theft and fraud. In response, the credit union offered 12 months of complimentary credit monitoring and identity theft protection services via IDX to mitigate harm. The breach underscored vulnerabilities in email security protocols, highlighting the need for stricter access controls and monitoring to prevent similar incidents in financial institutions.
TPRM report: https://www.rankiteo.com/company/diamond-lakes-federal-credit-union
"id": "dia036091825",
"linkid": "diamond-lakes-federal-credit-union",
"type": "Breach",
"date": "12/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '22,662',
'industry': 'Financial Services',
'name': 'Diamond Lakes Federal Credit Union',
'type': 'Credit Union'}],
'attack_vector': 'Unauthorized Access (Hacking)',
'customer_advisories': ['Offered 12 months of complimentary credit monitoring '
'via IDX'],
'data_breach': {'number_of_records_exposed': '22,662',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Financial account numbers',
'Sensitive information']},
'date_publicly_disclosed': '2023-06-01',
'description': 'On June 1, 2023, the Maine Office of the Attorney General '
'reported a data breach involving Diamond Lakes Federal Credit '
'Union that occurred between December 1, 2022, and December 6, '
'2022, due to unauthorized access (hacking) to an employee '
'email account. Approximately 22,662 individuals were '
'affected, and the breach potentially involved financial '
'account numbers along with other sensitive information. '
'Identity theft protection services, including 12 months of '
'complimentary credit monitoring provided by IDX, were offered '
'to the affected individuals.',
'impact': {'data_compromised': ['Financial account numbers',
'Other sensitive information'],
'identity_theft_risk': 'High (Identity theft protection services '
'offered)',
'payment_information_risk': 'High (Financial account numbers '
'compromised)',
'systems_affected': ['Employee email account']},
'initial_access_broker': {'entry_point': 'Employee email account'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'recovery_measures': ['Offered 12 months of complimentary credit '
'monitoring to affected individuals'],
'third_party_assistance': ['IDX (for identity theft protection '
'services)']},
'title': 'Data Breach at Diamond Lakes Federal Credit Union via Unauthorized '
'Email Access',
'type': 'Data Breach'}