Posted On January 31, 2022 Consumer Privacy & Data Breaches
January 31, 2022 – Recently, the financial institution Envision Credit Union issued formal data breach notification letters relating to a data breach resulting in the personal data of more than 55,000 individuals being compromised. According to an official filing by Envision Credit Union, on August 5, 2021, Envision discovered suspicious activity on some of its computers. In response, Envision Credit Union launched an internal investigation, revealing that an unauthorized party gained access to the sensitive information of 55,694 individuals. This information includes affected parties’ names, Social Security numbers, financial account information, payment card information, and other sensitive data.
Cyber-security events such as the Envision Credit Union breach are relatively common and can happen in a few ways. Often, breaches like this are the result of a hacker illegally gaining access to a company’s computer systems to obtain sensitive consumer information. No one knows the reasons why Envision Credit Union was the target of this recent cyberattack. However, hackers and other criminals may target certain companies that have weak data security systems or vulnerabilities in their data security networks.
After a cybercriminal gains access to a computer network, they can then access and remove sensitive consumer data from the compromised servers. While the company can usually tell that certain files were accessible, there may be no way of knowing which files were actually viewed by the hacker and whether they stole any of the data contained in these files. Regardless, because a data breach puts consumer information in the hands of an unauthorized person, those affected by these breaches are at an increased risk of identity theft. Given this reality, individuals who receive an Envision Credit Union data breach notification should remain vigilant in checking their online accounts, credit card accounts, bank accounts, and credit reports for any signs of unauthorized activity.
Of course, the fact that your information was compromised in a data breach does not necessarily mean it will be used for criminal purposes. However, it is a possibility that should not be ignored. Recently, data breaches have become even more common, as the COVID-19 pandemic gave criminals ample opportunity to conduct attacks against companies preoccupied with other pandemic-related issues.
Businesses like Envision Credit Union are responsible for protecting the consumer data in their possession. If evidence emerges that your sensitive information was mishandled leading up to the breach, you may be eligible for financial compensation through a data breach lawsuit.
When you opened an account with Envision Credit Union, you voluntarily gave the company your personal and financial information. You also trusted the company to keep your information secure. Certainly, anyone opening an account at a credit union would think that the institution would safeguard their information. However, news of this data breach raises very real questions about the organization’s data security measures and whether more could have been done to prevent the breach.
All businesses and non-profit organizations have an ethical and legal obligation to ensure sensitive consumer information remains private. Of course, creating and maintaining a data security system comes at a significant expense; however, it is also a necessary expense given the frequency with which cybersecurity events such as this one occur.
While United States data breach laws provide a way for consumers to sue companies for the misuse or negligent handling of their data, the laws are very complex. Additionally, details about the Envision Credit Union data breach are still forthcoming. That being the case, for now, there is no evidence suggesting that Envision Credit Union was responsible in any way for the breach. However, that could change because our data breach attorneys are investigating the breach and its potential causes to determine what legal remedies, if any, consumers have against the organization.
If you have questions about your ability to bring a data breach class action lawsuit against Envision Credit Union, you should contact a data breach attorney as soon as possible.
If you open your mailbox to find a data breach notification letter from Envision Credit Union, your personal data was compromised in the breach. This means that a total stranger, possibly a criminal looking to steal your identity, could have accessed, viewed, and retained your personal information. While you can’t be sure why a hacker would want to obtain your information or how they plan to use it, it is essential you remain vigilant to protect yourself from the heightened risk of identity theft by taking the following steps:
Envision Credit Union is a financial institution serving residents of Florida and Georgia. The company provides a wide range of financial services, including checking accounts, savings accounts, mortgages, auto loans, business loans and more. The credit union first started when a small group of teachers banded together to form a teachers’ union. However, in 1979, what started off as a Leon County Teachers’ Credit Union changed its name to the North Florida Education Credit Union. After several other mergers, the institution again changed its name, this time to Envision Credit Union.
According to the most filings by Envision Credit Union, on August 5, 2021, Envision first discovered suspicious activity across some of its computer networks. In response, Envision Credit Union launched an investigation to determine specifically which files were accessible and what data was contained in the compromised files. This investigation revealed that an unauthorized party gained access to the sensitive information of 55,694 individuals between August 5, 2021 and August 7, 2021. The information that was accessible to the unauthorized third party include the following:
On approximately January 28, 2021, Envision Credit Union mailed out data breach notification letters to those whose information was leaked in the breach. These notices explain the details of the data breach and provide consumers with certain steps to take to protect themselves. Envision Credit Union explained that the company does not know of any instance in which the compromised data was actually accessed or used by the unauthorized party. However, affected individuals should keep a lookout for signs of identity theft and fraud by closely monitoring their online accounts and credit reports.
Below is a copy of the initial data breach letter issued by Envision Credit Union (a sample of the actual notice sent to consumers can be found here):
Dear [Consumer],
There is nothing more important to us than our relationship with you and the privacy and security of your accounts with Envision Credit Union (“Envision”). Today, we write to you to inform you of a recent incident that may affect the security of some of your personal information. This notice provides information about the incident, our response, and resources available to you to help protect your information from possible misuse, should you feel it necessary to do so.
What Happened? On August 5, 2021, we became aware of suspicious activity within our network. We immediately initiated our information technology (IT) vendor to investigate and isolate the impacted area. At that time, we also launched an internal investigation to confirm the full nature and scope of the incident. We quickly conducted a clean sweep of our systems, however, further investigation revealed that a limited amount of information may have been accessed without authorization during this incident from August 5, 2021 through August 7, 2021.
What Information Was Involved? The information related to you and maintained by Envision that may have been accessed may include Social Security number, financial account information, payment card information, driver’s license and/or state identification number, passport number, military identification number, and/or similar number issued on a government document to verify identity.
What We Are Doing. We take the privacy and security of information entrusted to us very seriously and apologize for any inconvenience this incident may cause. As part of our ongoing commitment to the security of information within our care, we have reviewed our existing policies and procedures regarding cybersecurity. We are working to evaluate additional measures and safeguards to protect against this type of incident in the future
