The breach at SRP Federal Credit Union, allegedly carried out by the “Nitrogen Ransomware Group,” has led to significant legal actions, as more than 240,000 individuals may have had their personal data compromised.
The breach, which occurred between September 5 and November 4, went undetected for weeks and was only disclosed to affected customers in December.
The stolen information reportedly includes sensitive data like Social Security numbers, driver’s licenses, birthdates, and financial details, putting victims at risk of identity theft and fraud.
Multiple lawsuits, which aim to become class actions, claim that the credit union failed to adequately protect its systems, allowing cybercriminals easy access.
These lawsuits highlight that SRP Federal Credit Union delayed notifying its customers, raising concerns over its data security practices. In response to the breach, the credit union is offering one year of identity protection services and says it has taken measures to prevent similar incidents.
The breach is particularly concerning due to the value of stolen personal data on the black market, where Social Security numbers are frequently traded for fraudulent purposes.
Plaintiffs in the lawsuits seek damages, including punitive measures, and are calling for an independent cyber audit of the credit union’s practices. The case is under the jurisdiction of U.S. District Judge Cameron McGowan Currie.