The employee's email account of Hawaii First Federal Credit Union was accessed by an unauthorized individual that compromised the personal information of its customers.
The compromised data included names, addresses, Social Security numbers, bank account numbers, and other personal information of employees and customers.
The Federal Credit Union immediately terminated the access, reset all the passwords and implemented the security procedures, and notified the affected persons.
TPRM report: https://scoringcyber.rankiteo.com/company/hawaii-first-federal-credit-union
"id": "haw133720422",
"linkid": "hawaii-first-federal-credit-union",
"type": "Breach",
"date": "09/2015",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Finance',
'location': 'Hawaii',
'name': 'Hawaii First Federal Credit Union',
'type': 'Financial Institution'}],
'attack_vector': 'Email Account Compromise',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Financial Information']},
'description': "An unauthorized individual accessed an employee's email "
'account at Hawaii First Federal Credit Union, compromising '
'the personal information of its customers.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Social Security numbers',
'Bank account numbers',
'Other personal information'],
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Email Account'},
'post_incident_analysis': {'corrective_actions': ['Terminated Access',
'Reset Passwords',
'Implemented Security '
'Procedures'],
'root_causes': 'Weak or Compromised Credentials'},
'response': {'communication_strategy': ['Notified Affected Persons'],
'containment_measures': ['Terminated Access', 'Reset Passwords'],
'incident_response_plan_activated': True,
'remediation_measures': ['Implemented Security Procedures']},
'threat_actor': 'Unauthorized Individual',
'title': 'Unauthorized Access to Employee Email Account',
'type': 'Data Breach',
'vulnerability_exploited': 'Weak or Compromised Credentials'}