WASHINGTON and MADISON, Wis. (12/11/12)--The Credit Union National Association (CUNA) is advising thousands of users of its website that no sensitive personal information from cuna.org was accessed or otherwise compromised in a hacking attack that--in addition to CUNA--also affected 30 or more additional organizations, U.S. government agencies, industry and other trade associations.
Among the other groups reportedly affected: NASA, General Dynamics, European Space Agency, the California Manufacturers & Technology Association, and the Texas Bankers Association.
The attack was conducted by Team GhostShell, a group that specializes in such security breaches--in an effort, it claims, to protest and draw attention to "the freedom of information on the net." It is estimated to have resulted in gathering 1.6 million accounts and records in total from all of the organizations that it hacked.
"We do not believe any sensitive personal information from our website was accessed," said CUNA President/CEO Bill Cheney. "However, we are contacting all users of our website to advise them of the breach. Further, we will continue to analyze the information posted on-line by the group, as well as continue to validate that no other risks exist. We will also continue to monitor our website and take increased security measures to ensure it is safeguarded."
Cheney emphasized that no information from members of credit unions was compromised as part of this breach. (That's contrary to a report published on the Web stating that the breach "puts over 85 mil. people at risk.") "CUNA.org stores no consumer-member data," Cheney said. "Further, CUNA does not store any information for individual consumers who are credit union members."
The CUNA leader said the information on the association's website that was hacked was user ID information (generally e-mail addresses, phone numbers, titles and business addresses), as well as some encrypted password information from more than five years ago.
CUNA is advising users of its website to take some precautionary steps, however, including changing their passwords. "We advise anyone who has a CUNA log-in account or uses the same e-mail address as a login ID for other online sites (not associated with cuna.org) to change the password," Cheney said. "Our CUNA website will be prompting users to change their passwords as well."