Cyber Incident Victim: Gen Digital
Date:
May 2023
Location:
United States of America
Summary
A financial services institution experienced a third-party data breach compromising names combined with financial account and payment card information, including security credentials. The incident affected over 600 individuals, with one Maine resident impacted, prompting written notifications and a year of credit monitoring services through Experian.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 30, 2023, a data breach occurred impacting Space Coast Credit Union, a financial services organization based at 8045 N Wickham Rd in Melbourne, Florida. The incident was discovered on August 2, 2023, revealing unauthorized access to sensitive customer information. Attackers acquired names combined with financial account numbers or credit/debit card details, including associated security codes, access codes, passwords, or PINs. The breach affected 602 individuals nationwide, including one Maine resident. Third-party involvement was identified as the cause, though specific technical details about the attack vector, perpetrator identity, or compromised systems were not disclosed in regulatory filings. No evidence suggested prior breaches within the preceding twelve months, indicating this was an isolated incident for the credit union. The delayed discovery timeline—64 days between occurrence and detection—highlighted potential gaps in monitoring third-party interactions or system vulnerabilities.
Space Coast Credit Union initiated written notifications to all affected consumers on September 1, 2023, 30 days after discovering the breach. The organization partnered with Experian to provide one year of single-bureau credit monitoring and identity theft protection services to impacted individuals. Legal representatives from McDonald Hopkins, PLC, specifically attorney Dominic Paluzzi, managed regulatory compliance and breach disclosure processes for the credit union. The limited Maine resident impact (one individual) exempted the organization from mandatory reporting to consumer reporting agencies under Maine's breach notification laws. Documentation submitted to Maine authorities included a copy of the consumer notification letter, referenced as ELN-19055 Space Coast Credit Union Ad r4prf.pdf. No additional remediation measures or technical containment actions were described in the filing beyond the credit monitoring offering and regulatory notifications. The breach exposed financial authentication credentials but did not publicly escalate into reported cases of identity theft or fraudulent transactions linked directly to the incident.