The California Office of the Attorney General disclosed a data breach at Wescom Central Credit Union on May 14, 2019, involving unauthorized access to backup files managed by Geezeo, a third-party service provider. The breach exposed an unknown number of members' personal information, including names, addresses, and account details, though Social Security numbers and passwords remained uncompromised. The incident was delayed in reporting, with official notification issued on November 19, 2019—over six months after the breach occurred. The exposed data, while not including highly sensitive identifiers like SSNs, still posed risks such as potential financial fraud, identity theft, or targeted phishing attacks against affected members. The breach stemmed from a security lapse in backup file protection, highlighting vulnerabilities in third-party vendor systems. Although no immediate financial losses or large-scale fraud were reported, the exposure of account details could enable malicious actors to exploit members through social engineering or unauthorized transactions. The incident underscored the importance of timely breach detection, third-party risk management, and transparent communication with affected individuals.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-184514
TPRM report: https://www.rankiteo.com/company/wescomresources
"id": "wes548091725",
"linkid": "wescomresources",
"type": "Breach",
"date": "5/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Financial Services',
'location': 'California, USA',
'name': 'Wescom Central Credit Union',
'type': 'Credit Union'},
{'industry': 'Financial Technology',
'name': 'Geezeo',
'type': 'Third-Party Vendor'}],
'data_breach': {'data_exfiltration': 'Yes (unauthorized access to backup '
'files)',
'file_types_exposed': ['backup files'],
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': 'Yes (names, '
'addresses)',
'sensitivity_of_data': 'Moderate',
'type_of_data_compromised': ['personal information (names, '
'addresses)',
'account details']},
'date_detected': '2019-05-14',
'date_publicly_disclosed': '2019-11-19',
'description': 'The California Office of the Attorney General reported that '
'Wescom Central Credit Union experienced a data breach on May '
'14, 2019. The breach involved unauthorized access to backup '
"files from Geezeo, affecting an unknown number of members' "
'personal information, including names, addresses, and account '
'details, but not including Social Security numbers or '
'passwords.',
'impact': {'data_compromised': ['names', 'addresses', 'account details'],
'identity_theft_risk': 'Low (no SSNs or passwords exposed)',
'payment_information_risk': 'Moderate (account details exposed)',
'systems_affected': ['backup files (Geezeo)']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Wescom Central Credit Union Data Breach (2019)',
'type': 'Data Breach'}