Stay up to date on the latest security notices.

Security Notices

June 15, 2017 - Chipotle Data Breach

You may have heard through the media that Chipotle recently experienced a data breach. They have pinpointed that this breach occurred between March 24, 2017 and April 18, 2017. Their investigators stated that malware was designed to access payment card data from cards used on point-of-sale devices at certain Chipotle restaurants. The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. There is no indication that other customer information was affected.

There were multiple restaurants throughout Arizona that were affected. Not all locations were affected and the specific time frames vary by location. We have been notified that some OneAZ Credit Union cardholders may be impacted by this breach. Our fraud monitoring service is on high alert and will be monitoring for fraudulent activity. 

Please remember to always be diligent in reviewing your card statements to monitor for any unauthorized activity. You should immediately report any unauthorized activity to your card issuer. The phone number to report any unauthorized activity is generally on the back of your payment card. 

For more information pertaining to this breach, and to see the specific locations and the time frames during which they were affected, please visit Chipotle’s security page:


May, 2017 - DocuSign Data Breach 

You may have heard through the media that DocuSign recently experienced a data breach. DocuSign is a service often used to electronically sign financial documents, such as mortgage or consumer loans.

DocuSign detected an increase in phishing emails sent to users. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into clicking a link that opens a Word document that installs malicious software.

The company said the only information that was stolen from the non-core system in the DocuSign data breach was email addresses. DocuSign said that “names, physical addresses, passwords, social security numbers, credit card data or other information” was not accessed.

DocuSign users should be on the lookout for fake emails that claim to be from DocuSign. You can identify these fake emails by checking for misspellings, incorrect email addresses and links that do not lead to DocuSign’s official websites. Here are a few simple techniques to help you protect your personal information: 

  • Hover over the link – URLs to view or sign DocuSign documents contain “” and always start with https.
  • When in doubt, access your documents directly from by entering the unique security code, which is included at the bottom of every DocuSign email.
  • Do NOT open unknown or suspicious attachments, or click links – DocuSign will never ask you to open a PDF, Microsoft Office document, or zip file in an email
  • Look for misspellings, poor grammar, generic greetings, and a false sense of urgency
  • Enable multi-factor authentication when possible
  • Use a strong, unique password for each service – don’t reuse passwords on multiple websites

If you come across these types of fake emails, please forward them to After doing this, DocuSign suggests that users delete the emails from their inboxes. It also recommends that users make sure their antivirus software is up to date.

For updates and more information, please visit the DocuSign Trust Site where new information will be posted when it becomes available. If you have any questions, please email or call (800) 379-9973.

Travel Tips

Before traveling, make sure your finances are in order. When there is an unusual amount of fraud occurring in a foreign country, the Credit Union sometimes blocks transactions from that country. Other financial institutions sometimes block foreign transactions as well, so you may want to consider the following tips before you go.

Here are a few tips that will help you have a smooth trip:

  • Call the Credit Union (and all other Banks and Card providers you may have) to notify them of your travel plans. Contact the credit union 24-48 hours in advance.
  • Be prepared to provide your mode of transportation, the states or countries you will be visiting, and the dates you plan to leave and return.
  • Ask all your financial institutions about any foreign country restrictions. Find out how and where you can access their services.
  • Determine which accounts you will withdraw from, and how you can receive those funds (ATM, wire transfer, etc.).
  • Review your records to ensure that you will have the proper funds available as you travel (make sure your bills are in order, too).
  • Make a list of all your credit and debit card numbers, and the phone numbers of all your financial institutions.
  • Keep your lists and plans in a safe place, and give a copy to a trusted family member or friend.
  • Simply call all your financial institutions before you leave. They can work with you and take the necessary steps to ensure that your funds are available as you travel.


Phishing or Spoofing is the most common type of online fraud. Fraudsters may send you an email that looks like it has come from OneAZ Credit Union. These emails ask you to go to a website through a link within the email. The website may also look like OneAZ Credit Union's website, and there you will be asked to provide your confidential information such as your account number, password, Social Security Number, ATM/Debit or Credit Card number, PIN or other information that only you need to know. Often these emails threaten to close accounts or claim that your information has been compromised. Sometimes fraudulent emails claim that you have won money, a prize, or a gift. The fraudsters' goal is to make you act quickly without thinking about what you're doing.

It is very important to remember that OneAZ Credit Union never asks for personal information through text message, email or by phone. Emails may contain links to our website or other sites related to our industry. If you prefer not to use the link in the email, please visit our website by typing our web address into your web browser. Please contact us immediately if you ever have questions or concerns about suspicious emails you may have received from us.


Vishing (Voice Phishing) is a form of fraud that uses phone calls to try to get your personal information, such as credit card numbers, Personal Identification Numbers (PINs), bank account numbers, Social Security Numbers and other confidential information. The caller will claim to be from a financial institution that needs your personal information. Sometimes the call will be an automated recording requesting personal information, and other times it may be a live caller. They will often claim that your accounts are suspended or that your payments are overdue, or make similar claims intended to scare you and cause you to act without thinking.

It is very important to remember that OneAZ Credit Union never asks for personal information by phone or through email. Do not give out any information over the phone to unknown callers. Instead, contact your financial institution or credit card company directly to verify the validity of the message.


Identity theft is the fastest growing type of fraud in the United States, according to the Federal Trade Commission. Protect your identity, as well as your family's identity, with up-to-date credit monitoring and restoration services by enrolling in Identity Theft Shield. As a member of OneAZ Credit Union, you are offered these services at a reduced price, and you can save even more when you enroll in both LegalShield and Identity Theft Shield.