Broadview Federal Credit Union (BFCU) is one of the largest credit unions in New York, supporting more than 500,000 members. They are a top 30-rated organization in the industry and enjoy over $8 billion in assets. They’ve also fallen victim to the global MOVEit breach through their external vendor, Fiserv.
MOVEit is a file transfer solution used by thousands of organizations worldwide. In May, they announced a zero-day vulnerability, which allows cybercriminals to take advantage of those using the software. Fiserv, a solutions vendor for organizations, has notified BFCU of a MOVEit server breach about the global event.
Progress Software announced the MOVEit breach on May 31st, 2023, prompting investigations from thousands of companies. Fiserv was included in this group, resulting in the eventual discovery of threat actors within their servers. Around November 3rd, Fiserv notified BFCU of the event and, later that month, began sending notifications to those potentially impacted.
Although the security event did not impact internal BFCU systems, credit union members may have information at risk. Members whose data gets managed by Fiserv have the most significant risks, but these specific groups are not public. As a result, all members of BFCU should take action to protect their data from misuse.
The Maine Attorney General’s website states the expected impact of the breach to include more than 5,000 members. BFCU officials began sending impact notices to members around November 30th; however, members don’t have to wait for a physical data breach (or email scam) to start protecting their data from loss.