Social Security and bank account numbers are some of the information hackers may have taken in a breach at Hawaii First Federal Credit Union in Kamuela, according to a letter the credit union sent to current and former employees and members.

The hack may have taken place via unauthorized access to an employee’s email account, the letter said.

The credit union discovered the unauthorized access on June 1, according to the letter, which President/CEO Laura Aguirre said went out on Aug. 31. It immediately terminated access to the email account, reset all passwords and started an investigation to learn what information was taken.

The letter also said Hawaii First FCU hasn’t received any reports that employee or member information has been used in any manner that would compromise identities or credit. It is also providing a year of free credit protection services through Experian.

“If there is a silver lining to this situation, we were able to test our incident response plan and found it worked well and aided us in acting quickly and in an organized manner,” Aguirre told CU Times. “As a smaller credit union with limited resources, this was very valuable. The other critical factor was that we had a cybersecurity insurance policy in place. Upon our notification, their response team immediately provided resolution resources.”

She added, “No matter your asset size, a cybersecurity insurance policy is a must in today’s world and the ever-changing types of online fraud.”

The credit union, which has $35 million in assets and 7,500 members, is reviewing its information security practices and procedures, as well as taking additional security precautions, the letter said.