PenFed Probes Malware Invasion Exposing Member Data

Register now

ALEXANDRIA, Va. – Pentagon FCU is shutting down credit and debit cards that may have been exposed to hackers via malware the credit union discovered on one of its laptops last month.

The malware was discovered on Dec. 12 and allowed unauthorized access to a database containing names, addresses, Social Security numbers, PenFed account numbers, credit card numbers and/or debit card for PenFed members, joint owners, former members, employees and beneficiaries, the credit union told the New Hampshire attorney general in a Dec. 30 letter. At least 512 New Hampshire members were affected.

PenFed said it has taken steps to notify potentially affected members and to resolve the data breach. “To date, PenFed has no indication that the personal information of affected individuals involved in this incident has been misused,” the letter said.

The credit union sent letters to thousands of members disclosing the breach and their rights.

The $20 billion started sending notification letters to the affected individuals on Tuesday. The letter offers them a free, two-year subscription to an identity theft protection service from Kroll. Called ID TheftSmart, the service involves credit reports, credit monitoring, as well as identity theft consultation and restoration. In any case, people are strongly advised to routinely review their account statements and credit reports for suspicious activity.


For reprint and licensing requests for this article, click here.