Cyber Incident Victim: SF Fire Credit Union

The SF Fire Credit Union disclosed a data breach to the California Attorney General's Office on August 18, 2022, following a security incident that compromised sensitive member information. The breach occurred across multiple dates: July 2-6, July 30-31, and August 1-2, 7-8, 2022. Attackers accessed members' names, credit card numbers, CVV codes, card expiration dates, and PIN numbers. The credit union did not publicly disclose the attack vector or method of intrusion but confirmed the incident impacted an unspecified number of members. Upon discovering the breach, SF Fire Credit Union conducted an investigation to identify affected individuals before initiating notification procedures. The compromised data types exposed victims to heightened risks of payment card fraud, unauthorized transactions, and identity theft due to the inclusion of both static identifiers and dynamic authentication elements like CVV and PIN codes.

In response to the breach, SF Fire Credit Union implemented containment measures including canceling all compromised payment cards and issuing replacement cards with new account numbers. The institution opted against providing traditional credit monitoring services, instead depositing $120 into affected members' accounts for optional monitoring purchases. Notification letters were distributed to impacted individuals on August 18, 2022, detailing the specific data elements exposed but omitting technical details about the attack's origin or scope. Founded in 1951 and originally serving firefighters, the San Francisco-based credit union had expanded its membership to residents, workers, and students across San Francisco, San Mateo, and Marin counties prior to the incident. With 272 employees, three physical branches, and approximately $40 million in annual revenue, the breach represented a significant operational disruption requiring card reissuance across its membership base and financial remediation efforts.