Cyber Incident Victim: CU Collections

CU Collections, a Virginia-based agency assisting credit unions with debt collection, discovered a cyber attack in February 2020 that compromised sensitive consumer information. The breach occurred when unauthorized individuals accessed systems containing personal data provided to CU Collections by partner credit unions for delinquent account management. Upon detection, the company immediately engaged cybersecurity experts to investigate the incident and notified law enforcement agencies about the criminal activity. The investigation revealed that attackers potentially obtained names, addresses, Social Security numbers, financial account details, and driver's license numbers belonging to individuals with overdue credit union loans or accounts. CU Collections maintained cooperation with investigative authorities throughout the process to pursue accountability for the attackers.

The security incident specifically affected accounts under CU Collections' management but did not involve breaches at partner institutions like Wellspring Credit Union. CU Collections promptly alerted all partner credit unions about the compromise, enabling them to implement safeguards for member accounts. The company established a dedicated call center (855-907-2105) operating Eastern Time hours to field inquiries from potentially affected individuals. As remediation, CU Collections offered complimentary identity protection and credit monitoring services to all impacted consumers while working with cybersecurity specialists to strengthen system protections against future attacks. The agency confirmed ongoing collaboration with forensic investigators to resolve security vulnerabilities and enhance data protection protocols across its operational infrastructure following the breach discovery.