South Carolina credit union says 240,000 impacted by recent cyberattack

More than 240,000 people had information stolen during a cyberattack on SRP Federal Credit Union, one of the largest in South Carolina. 

The credit union filed breach notification documents with regulators in Maine and Texas on Friday acknowledging that it recently detected suspicious activity on its network. SRP was founded in 1960, and said it has more than $1.6 billion in assets as of 2022.

After law enforcement was notified, an investigation was conducted and they realized that hackers accessed SRP Federal Credit Union systems “at times from September 5, 2024, and November 4, 2024, and potentially acquired certain files from our network during that time.” The investigation concluded on November 22.

SRP Federal Credit Union did not respond to requests for comment about what information was stolen. But the company told regulators in Texas that names, Social Security numbers, driver’s license numbers, dates of birth and financial information like account numbers as well as credit or debit card numbers were leaked. 

In the breach notifications, the company said the cyberattack did not impact its online banking system or core processing system. 

A ransomware gang named Nitrogen took credit for the attack last week, claiming to have stolen 650 GB of customer data. The company has not confirmed it was a ransomware attack. 

The ransomware gang recently emerged in October, according to cybersecurity researchers with HackManac. It claimed a high-profile attack on Canadian video game developer Red Barrels, which the company confirmed in a message to customers. The attack had a "significant" impact on the company's game production timeline and was forced to delay some games. 

Almost exactly one year ago, about 60 credit unions dealt with widespread outages after a ransomware attack on a popular software provider. The incident was so severe that federal credit union regulators were forced to step in and provide assistance after thousands of people complained of being locked out of their financial accounts for days. 

Another prominent credit union in California was impacted for weeks this year after a ransomware gang took over the company’s systems ahead of the July 4 holiday.