Infected PC Compromises Pentagon Credit Union

The credit union used by members of the U.S. armed forces and their families has admitted that a laptop infected with malware was used to access a database containing the personal and financial information of customers.

PenfedThe credit union used by members of the U.S. armed forces and their families has admitted that a laptop infected with malware was used to access a database containing the personal and financial information of customers.

The Pentagon Federal Credit Union (PenFed) issued a statement to the New Hampshire Attorney General that said data, including the  names, addresses, Social Security Numbers and PenFed banking and credit card account information of its members were accessed by the infected PC.

The full size of the breach is not known, but 514 New Hampshire residents were affected, which suggests that the breach could affect tens of thousands of current and former members and family of military, Department of Homeland Security, and Department of Defense. By comparison, a breach by the touring firm Twin America, disclosed in December, 2010, affected around 300 New Hampshire residents, but 100,000 people nationally.

PenFed was chartered in 1935 and now serves close to one million members of the military and defense related agencies, with $15 billion in assets, according to the credit union’s Web site.

The organization said it learned of the attack on December 12 and immediately took action to eliminate it. PenFed says it has identified the means by which the information was accessed and taken steps to prevent a similar breach from occurring. It has also reissued credit and debit cards to affected customers.

PenFed says it doesn’t know of any efforts to misuse the stolen information, but the organization’s connection to members of the military, Department of Defense and other U.S. government agencies may well raise the spectre of state-sponsored attack that may, or may not have a financial motive.

A recent report by the Department of Defense’s Defense Security Services concluded that Internet bases spying and targeted attacks connected to foreign governments continue to be a major concern, with malware and targeted “phishing” attacks on government employees offering a “low cost, high gain” method of obtaining sensitive data.

Suggested articles

Discussion

  • Anonymous on

    It sure would lend some credence to your reporting if you were to understand how to use the words effected and affected...

  • dev-null on

    In what way ?

    514 New Hampshire residents were affected - correct

    a breach by the touring firm Twin America, disclosed in December, 2010, affected around 300 New Hampshire residents - correct

    It has also reissued credit and debit cards to affected customers - correct

    effected - execute, produce, or accomplish something
    affected - to impact, change, or alter something

     

  • Anonymous on

    the breach could effect tens of thousands

  • Pen Fed Customer on

    I was wondering why they issued me a new credit card and cancelled my old account without asking.

  • Anonymous on

    I'm with dev-null.  Affect is used in most verb situations whereas effect is used in most noun situations.  There are verb situations in which you may choose to use effect, but the meaning is "to bring about" or "to accomplish" (e.g. to effect change in a policy).  The original author is correct.

  • Anonymous on

    "the breach could effect tens of thousands" is clearly wrong, sorry.

     

  • Anonymous on

    So, if I am executing a change, or changing execution, is the correct spelling æfected?

  • Anonymous on

    Oops, I meac æffected, how silly of me!

    Hmm I like this idea... æffected solves the whole problem of affected/effected.   Half the people on this planet pronounce both words the same way as it is...

  • Bobo on

    In addition to the possiblity of nation-state sponsored grammatical nit-picking...

    There's also a substantial risk of this data being used to determine current members of the government or military, who are in difficult financial straits. These people are more vulnerable to financially motivated subversion. Not only should their credit reports be monitored but their work habits should be monitored and their access authority to sensitive information should be reviewed.

  • Retired at 53!!! on

    First, with FOX Network and the dumbing down of America, who gives a rat's fart if it's a or e??? Second, THREAT POST should get ALL the info before going public and scaring a boatload of retirees!!! Just got off the phone with PenFed and the breach AFFECTED ONLY CREDIT/DEBIT Card HOLDERS!!! Members with just share, checking, and CD's WERE NOT AFFECTED!!!!!
  • Retired at 53!!! on

    First, with FOX Network and the dumbing down of America, who gives a rat's fart if it's a or e??? Second, THREAT POST should get ALL the info before going public and scaring a boatload of retirees!!! Just got off the phone with PenFed and the breach AFFECTED ONLY CREDIT/DEBIT Card HOLDERS!!! Members with just share, checking, and CD's WERE NOT AFFECTED!!!!!
  • Anonymous on

    Seems to me that Penfed dis not have proper and/or effective filtering in place or PCI DSS if implimented was not up to date.  That's unexcusable if so.

  • Anonymous on

    The effect of the affect was effective in affecting the effectiveness of the affectation.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.