An unknown number of members of the almost $15 billion Pentagon Federal Credit Union may be at risk of identity theft after the CU experienced a security breach, according to CU correspondence.
The credit union explained the breach to members in a Dec. 30 letter to the New Hampshire Attorney General from a Massachusetts law firm that wrote in its name. The letter said the CU planned to notify members on or before Jan. 4. The CU has not yet responded to calls for comment or explanation about the breach.
PenFed said it discovered the breach on Dec. 12 and attributed it to a laptop that had been infected by malware. The credit union did not say whether the laptop had belonged to a PenFed employee or a third party vendor, but said that the malware had allowed unauthorized access to members names, addresses, social security numbers, account numbers, and credit and debit card numbers.
PenFed said that it had no indication that any of the compromised information had been misused, but a template of the letter proposed for members said the credit union had closed and reissued credit and debit cards of members known to have been compromised in the breach.