Recently, Albuquerque, New Mexico-based First Financial Credit Union (“FFCU”) filed an official data breach notice. The company also posted a Data Security Incident Notice on its website. This advisory explains that an unauthorized party was able to access certain FFCU files containing sensitive member data. Specifically, the information disclosed includes names, addresses, Social security numbers, driver’s license numbers, government identification numbers, bank account information, and credit card information. On April 6, 2022, First Financial formally notified the incident by sending all affected parties a “DATA SECURITY INCIDENT NOTICE”.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from fraud or identity theft and what your legal options are following the First Financial Credit Union data breach, please see our recent article on the subject. here.
More details on Financial Credit Union’s first data breach
Based on information provided by the FFCU in its latest letter to members, the company recently learned that an unauthorized party was able to access parts of the FFCU’s computer network. While FFCU had no indication that the unauthorized party had used the information obtained, the company opened an investigation into the incident. The FFCU did this both to learn more about the cause of the incident and to determine if any member information was leaked.
Through this investigation, the FFCU learned that some of the files accessed by the unauthorized party contained sensitive member information and that the unauthorized party gained access to the company network between January 17 and February 6, 2022. .
Once FFCU discovered that sensitive consumer data had been leaked, the company then engaged in a detailed review of the compromised information to determine exactly what information was exposed and to whom it belonged. Although the information compromised varies by member, it may include your name, address, social security number, driver’s license or government ID number, bank account number, and credit card number. or debit.
On April 6, 2022, First Financial Credit Union sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.
More information about First Financial Credit Union
First Financial Credit Union is a financial services company based in Albuquerque, New Mexico. Founded by ten Bell Telephone Company employees in 1937, FFCU initially served company employees only. However, over time, the FFCU decided to expand its membership base. Today, First Financial Credit Union serves employees of more than 200 companies. The credit union offers the traditional services one would expect from a bank or credit union, including personal and business checking and savings accounts, mortgages, student loans, and personal loans. First Financial Credit Union has 286 people working for the company and generates approximately $28 million in revenue each year.
What are a company’s data security obligations?
Under state and federal data breach and consumer protection laws, businesses and other organizations have a duty to consumers to protect sensitive information that consumers trust in them. For years this duty was easily fulfilled; as long as a company wasn’t intentionally using consumer data for illegal purposes, they were on the right side of the law. However, over the past few decades, businesses’ jobs have become much more difficult due to the ever-present threat cybercriminals pose to consumer data.
A company can no longer passively store consumer data. Businesses today must use high-tech data security systems to keep hackers and other cybercriminals at bay. Most organizations understand the importance of consumer privacy and the risks of letting an individual’s data end up in the hands of a hacker. However, the duty to retain sensitive information is constantly evolving as hackers develop new, more sophisticated ways to orchestrate cyberattacks. Thus, organizations must continually update the security measures of the data they use to ensure that they remain up to date against the latest threats.
If a company fails to maintain an adequate data security system and cybercriminals are able to exploit this weakness, victims of the breach may be able to bring a class action lawsuit against the company.
Data breach victims who want to learn more about their rights and the implications of a data breach class action should contact a data breach attorney for assistance.