On September 16, 2022, the California Office of the Attorney General disclosed a data breach at First Tech Federal Credit Union, specifically involving an ATM in Cupertino, California. The incident was caused by a card skimmer and hidden camera installed on the ATM, which operated intermittently between June 15, 2022, and July 31, 2022. The breach targeted individuals who used their payment cards at the compromised ATM during this period, potentially exposing their card details and PINs to unauthorized actors. While the exact number of affected individuals remains undisclosed, the attack posed a risk of financial fraud, including unauthorized transactions or cloning of payment cards. The breach was limited to the ATM’s physical tampering rather than a broader digital intrusion into the credit union’s systems. However, the exposure of sensitive financial data—even if confined to a single location—raised concerns over customer trust, reputational damage, and potential fraudulent activity linked to the compromised accounts.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-557312
TPRM report: https://www.rankiteo.com/company/first-tech-federal-credit-union
"id": "fir1005091725",
"linkid": "first-tech-federal-credit-union",
"type": "Breach",
"date": "6/2022",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Unknown (Individuals who used '
'the ATM between June 15, 2022, '
'and July 31, 2022)',
'industry': 'Banking/Financial Services',
'location': 'Cupertino, California, USA',
'name': 'First Tech Federal Credit Union',
'type': 'Financial Institution (Credit Union)'}],
'attack_vector': 'Physical ATM Tampering (Card Skimmer and Hidden Camera)',
'data_breach': {'data_exfiltration': 'Yes (Via Skimming Device and Camera)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': 'Potential (Linked to '
'Card Data)',
'sensitivity_of_data': 'High (Financial/Payment Information)',
'type_of_data_compromised': ['Card Data', 'PINs (Potential)']},
'date_detected': '2022-09-16',
'date_publicly_disclosed': '2022-09-16',
'description': 'The California Office of the Attorney General reported that '
'First Tech Federal Credit Union experienced a data breach '
'involving a card skimmer and camera at their ATM in '
'Cupertino, California. The breach occurred intermittently '
'between June 15, 2022, and July 31, 2022, potentially '
'affecting individuals who used their cards at that ATM during '
'that time; the specific number of affected individuals is '
'unknown.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage Due to '
'Breach Publicity',
'data_compromised': ['Card Data', 'PINs (Potential)'],
'identity_theft_risk': 'High (Due to Compromised Card and PIN '
'Data)',
'payment_information_risk': 'High (Card Data and PINs at Risk)',
'systems_affected': ['ATM in Cupertino, California']},
'investigation_status': 'Reported; Further Details Unclear',
'motivation': 'Financial Gain (Likely Theft of Card and PIN Data)',
'post_incident_analysis': {'root_causes': 'Inadequate Physical Security at '
'ATM (Skimming Device and Camera '
'Installed Undetected)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public Disclosure via California '
'Office of the Attorney General',
'law_enforcement_notified': 'Likely (Reported by California '
'Office of the Attorney General)'},
'title': 'First Tech Federal Credit Union ATM Card Skimmer and Camera Data '
'Breach',
'type': 'Data Breach (Card Skimming)',
'vulnerability_exploited': 'Lack of Physical Security Measures at ATM'}