Cyber Incident Victim: Hawaii First Federal Credit Union
Date: Jun 2015
Location: United States of America
Summary
Hawaii First Federal Credit Union experienced a breach in which an unauthorized individual potentially accessed an employee's email account containing members' personal information, including names, addresses, Social Security numbers, and bank account details. The organization immediately terminated access to the compromised account, reset passwords, initiated a security review, and notified all potentially affected individuals while offering complimentary identity theft protection services. Though no misuse of information was reported, the credit union proactively communicated the incident as a precautionary measure to ensure transparency and reinforce its commitment to safeguarding member data.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |

Description
On June 1, 2015, Hawaii First Federal Credit Union discovered that an unauthorized individual may have gained access to an employee’s email account, potentially compromising customer personal information. The breach exposed sensitive data including names, addresses, Social Security numbers, and bank account numbers, though the exact number of affected individuals remained undisclosed. The credit union acted swiftly to terminate access to the compromised email account and reset all passwords to prevent further unauthorized activity. While no reports indicated misuse of the exposed information at the time of discovery, the organization initiated a comprehensive review of its information security practices and procedures to address vulnerabilities. The incident stemmed from unauthorized access to a single employee account, highlighting risks associated with email-based data storage.

In response to the breach, Hawaii First Federal Credit Union notified all potentially affected customers by August 31, 2015, advising them of the incident through direct communication. The notification letter emphasized the absence of confirmed identity theft or credit misuse but acknowledged the seriousness of the exposure. As a remedial measure, the credit union offered impacted individuals a free year of identity theft protection services to mitigate potential financial or reputational harm. The organization’s public statement underscored its cautionary approach, prioritizing transparency despite the lack of evidence regarding malicious exploitation of the data. These actions reflected immediate containment efforts alongside longer-term commitments to strengthen security protocols following the internal review.
