MANCHESTER, N.H. St. Mary’s Bank last week alerted its 116,000 members that a piece of malware that could be used to access personal information was discovered on several of the credit union’s computers.
The malware infection was spotted on the computer of one St. Mary’s employee on May 26. After a computer security consulting firm analyzed the breach, it was determined that 23 workstations had been compromised.
The malware, designed to capture screenshots, was on the computer since February.
So far, St. Mary’s said, there is no evidence that sensitive information such as Social Security numbers, account information, and transaction records have been stolen. “We have received no reports of unusual activity in any of our member accounts related to this malware, but we recommend that you carefully review your account statements for any sign of unauthorized activity and report it to us immediately,” Ronald Covey, president of the $760-million credit union, wrote in a letter to members.
“We have had no reports of unusual account activity that we believe might be related to this malware, and we have found no evidence that sensitive information has been accessed by any unauthorized individual,” wrote Covey.
The credit union has notified current and former members and loan applicants who may have been affected by mail and is recommending that they carefully review their account statements for any sign of unauthorized activity. Online banking was not affected, but St. Mary’s recommended that users regularly change their passwords as an additional precaution.
St. Mary’s is offering one year of credit monitoring and identity theft protection services through Experian to individuals who may have been affected. It said it is enhancing its information security measures.
An official investigation is ongoing.
