Bethpage (N.Y.) Federal Credit Union says an employee accidentally exposed personal information from 86,000 of its members’ Visa debit card accounts on the Internet, the issuer announced June 12.
The credit union said on May 3 an employee posted data on a file-transfer protocol site the employee believed to be secure. But Bethpage Federal later found the data could be accessed through search engines, and it removed the information on June 3–one month later–once it became aware of the breach. It sent out emails June 11 informing members who were affected and notified the National Credit Union Association.
The breach occurred as the issuer transitioned from Visa to MasterCard debit cards, the credit union said. The issuer says it has accelerated the transition and plans to replace the Visa cards within several weeks.
Credit union officials said there has been no fraud detected on the cards yet.
Data posted on the site for consumer Visa debit cards include names, addresses, birth dates and card expiration dates, as well as checking and savings account numbers.
It did not include Social Security numbers, personal identification numbers or card-verification value codes–the number on the back of cards used to authenticate card-not-present transactions.
The credit union found out about the breach about a week ago when a member contacted it saying the data came up during a Google search.
The credit union hired two security firms, Fishnet and Coalfire, which have monitored access to the files. It informed members after the firms indicated data had been accessed by users, although the credit union said there was no evidence of any theft.
Bethpage urged members to take additional precautionary steps to further protect themselves, including reviewing account statements or online history regularly, remaining vigilant over the next 12 to 24 months, and immediately reporting any suspicious activity to the credit union.
Bethpage is offering affected members a year of free credit monitoring by Experian.
What do you think about this? Send us your feedback. Click Here.