On August 4, 2017, Golden 1 Credit Union suffered a data breach caused by illegal skimmer devices installed on its ATM machines. These skimmers were designed to covertly capture payment card details, including card numbers and Personal Identification Numbers (PINs), from unsuspecting customers. The breach exposed sensitive financial information, though the exact number of affected individuals remains undisclosed. The compromised data could enable fraudulent transactions, identity theft, or unauthorized access to bank accounts, posing significant financial risks to the victims. While the breach did not involve a direct cyber intrusion into Golden 1’s internal systems, the use of physical skimming devices highlights vulnerabilities in ATM security. Customers who used the affected ATMs during the breach period were at risk of financial losses, requiring the credit union to implement remediation measures such as card replacements, fraud monitoring, and heightened security protocols. The incident underscores the persistent threat of low-tech yet effective attack methods targeting financial institutions, emphasizing the need for robust physical and digital safeguards to protect customer data.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-101238
TPRM report: https://www.rankiteo.com/company/golden1creditunion
"id": "gol005091825",
"linkid": "golden1creditunion",
"type": "Breach",
"date": "8/2017",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Banking/Financial Services',
'location': 'California, USA',
'name': 'Golden 1 Credit Union',
'type': 'Financial Institution (Credit Union)'}],
'attack_vector': 'Physical ATM Skimmer Devices',
'data_breach': {'data_exfiltration': 'Yes (Likely, via Skimmer Devices)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': 'Partial (Payment Card '
'+ PIN)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment Card Data', 'PINs']},
'date_detected': '2017-08-04',
'date_publicly_disclosed': '2017-08-04',
'description': 'The California Office of the Attorney General reported that '
'Golden 1 Credit Union experienced a data breach involving '
'illegal skimmer devices at ATM machines. The breach may have '
'compromised payment card information and PINs, affecting an '
'unknown number of individuals.',
'impact': {'brand_reputation_impact': 'Potential Negative Impact (Likely)',
'data_compromised': ['Payment Card Information', 'PINs'],
'identity_theft_risk': 'High (Payment Card + PIN Compromise)',
'payment_information_risk': 'High',
'systems_affected': ['ATM Machines']},
'initial_access_broker': {'data_sold_on_dark_web': 'Possible (Likely)',
'entry_point': 'Physical ATM Tampering (Skimming '
'Devices)',
'high_value_targets': 'ATM Users'},
'motivation': 'Financial Gain (Likely)',
'post_incident_analysis': {'root_causes': 'Lack of Physical Security Controls '
'for ATM Machines'},
'references': [{'date_accessed': '2017-08-04',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'law_enforcement_notified': 'Yes (California Office of the '
'Attorney General)'},
'title': 'Golden 1 Credit Union ATM Skimmer Data Breach',
'type': 'Data Breach (Physical Skimming)'}