Liberty First Credit Union is notifying 52,496 people of a data breach following a cyber attack in September 2024. Ransomware group RansomHub added the Nebraskan credit union to its data leak site at the time after allegedly stealing 254GB of data.
In its notification, the credit union confirms that: “On September 17, 2024, we discovered that an unknown, unauthorized third party accessed our network.” But that, “This unauthorized access was limited to a portion of our internal network and did not involve unauthorized access to our banking, online banking, or payment systems.” It also assured customers that the files acquired did not contain any online banking log-in credentials or debit card numbers. The actual data involved is redacted from the notification.
RansomHub’s proof pack did appear to contain balance sheets as well as customer account numbers and balances, however. A customer’s passport was also uploaded.
Liberty First Credit Union hasn’t confirmed RansomHub’s claims or whether or not a ransom was demanded or paid. Comparitech has contacted for more details and will update the article if we receive a response.
Who is RansomHub?
Over the last few months, RansomHub has become the most dominant ransomware group based on the number of postings to its data leak site. Since February 2024, we have tracked 71 confirmed attacks via this group and 399 unconfirmed attacks.
Also issuing data breach letters this week is an Arizona mortgage lender, Capital Fund 1, LLC. It’s notifying 5,189 people of a breach in July 2024 which was also claimed by RansomHub. This proof pack appeared to contain passwords for a number of Capital Fund’s resources, including Amazon, UPS, and some email addresses.
Other claims this week include the City of Coppell and Minneapolis Park Recreation Board which suffered attacks in October and November respectively.
RansomHub is a ransomware-as-a-service variant thought to have ties to Russia. It often follows a double-extortion technique, demanding a ransom for a decryption key to unlock the company’s systems and another for deleting all of the stolen data.
Ransomware attacks on US financial companies
So far this year, we’ve tracked 42 attacks on US financial companies. These have affected a staggering 33,915,159 records in total. This attack on Liberty First Credit Union is the twelfth largest (based on records affected).
As well as Capital Fund 1, Florida accounting company Howard, Howard, and Hodges, CPAs has also begun issuing notifications this week following a cyber attack in September 2024. This was claimed by BlackLock (previously known as El Dorado).
As our recent research discovered, ransomware attacks on the finance sector remain a huge threat due to the sensitive data stored by these companies, particularly as many gangs employ the double-extortion technique seen by RansomHub. If the gang doesn’t receive a ransom for encrypting systems or stealing data, it has a trove of information it can sell on the dark web.
We have also noted 120 unconfirmed attacks on the US financial sector this year so far.
About Liberty First Credit Union
Liberty First Credit Union is a not-for-profit, member-owned financial cooperative. Its origins date back to 1935 when it was the Burlington Employees Cooperative Credit Association in Chicago. Today, it has seven branches located across Nebraska.
