SRP Federal Credit Union, a $2-billion financial institution based in North Augusta, Georgia, experienced a **data breach in December 2024** when an unauthorized party accessed its computer network, exposing the sensitive personal information of **over 240,000 members**. The breach led to a proposed class-action lawsuit by seven members, who alleged negligence in protecting their data. While three plaintiffs reported fraudulent charges on their accounts, the **U.S. District Court dismissed the case without prejudice**, citing insufficient evidence linking the fraud directly to the breach. The court ruled that plaintiffs failed to establish standing due to a lack of traceability between the compromised data and the claimed financial harm. The dismissal allows plaintiffs 30 days to amend their complaint. The breach was formally disclosed via a notice to the **Maine Attorney General**, confirming the exposure of consumers' sensitive information.
TPRM report: https://www.rankiteo.com/company/srp-federal-credit-union
"id": "srp0702207102225",
"linkid": "srp-federal-credit-union",
"type": "Breach",
"date": "12/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '240,000+ members',
'industry': 'Financial Services',
'location': 'North Augusta, Georgia, USA',
'name': 'SRP Federal Credit Union',
'size': '$2 billion in assets',
'type': 'Credit Union'}],
'customer_advisories': ['notice of data breach to affected members (implied '
'by AG notification)'],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
'number_of_records_exposed': '240,000+',
'personally_identifiable_information': 'Yes (implied by '
"'sensitive "
"information')",
'sensitivity_of_data': 'High (personal information)',
'type_of_data_compromised': ['sensitive information']},
'date_detected': '2024-12-12',
'date_publicly_disclosed': '2024-12-12',
'description': 'SRP Federal Credit Union experienced a data breach in '
'December 2024, where an unauthorized party accessed its '
'computer network, compromising the sensitive information of '
'over 240,000 members. A proposed class-action lawsuit '
'alleging negligence was dismissed by the U.S. District Court '
'for the District of South Carolina due to lack of standing, '
'as plaintiffs failed to sufficiently link fraudulent charges '
'to the breach. The dismissal was without prejudice, allowing '
'plaintiffs 30 days to amend their complaint.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'lawsuit and breach disclosure',
'customer_complaints': ['proposed class-action lawsuit by seven '
'members'],
'data_compromised': ['sensitive information of members'],
'identity_theft_risk': ['fraudulent charges reported by three '
'plaintiffs (unverified link to breach)'],
'legal_liabilities': ['dismissed class-action lawsuit (without '
'prejudice)',
'potential amended complaint'],
'payment_information_risk': ['fraudulent charges to CU/credit card '
'accounts (alleged)'],
'systems_affected': ['computer network']},
'investigation_status': 'Ongoing (lawsuit dismissal allows for amended '
'complaint)',
'references': [{'source': 'JD Supra'}, {'source': 'CUToday.info'}],
'regulatory_compliance': {'legal_actions': ['class-action lawsuit dismissed '
'(without prejudice)'],
'regulatory_notifications': ['notice filed with the '
'Attorney General of '
'Maine']},
'response': {'communication_strategy': ['notice of data breach filed with the '
'Attorney General of Maine']},
'threat_actor': 'Unauthorized party',
'title': 'SRP Federal Credit Union Data Breach (2024)',
'type': 'Data Breach'}