July 13, 2018 - Macy's Data Breach
Macy’s, Inc. recently announced that they experienced a data breach earlier this year. They have pinpointed that this breach occurred between April 26 and June 12, 2018. Their investigators stated that hackers obtained names and passwords of online customers of Macys.com and Bloomingdales.com from a third party. The hackers may have accessed the customers’ credit/debit card number and expiration date, as well as full name, address, phone number, email address and birthdate. Macy’s said that the accounts do not include social security numbers or CVV numbers that appear on backs of credit cards.
According to Macy’s, approximately 0.05% of customers who were registered on Macys.com or Bloomingdales.com have been impacted and notified. Our fraud monitoring service is on high alert and will be monitoring for fraudulent activity.
Please remember to always be diligent in reviewing your card statements to monitor for any unauthorized activity. You should immediately report any unauthorized activity to your card issuer. The phone number to report any unauthorized activity is generally on the back of your payment card.
For more information pertaining to this breach, please visit the Identity Theft Resource Center: https://www.idtheftcenter.org/macys-online-account-data-breach/
September 8, 2017 - Equifax Data Breach
You may have heard through the media that Equifax recently experienced a data security breach. Equifax is one of the three major credit reporting bureaus in the United States. Equifax has publicly posted on their website that this breach occurred between mid-May and July of 2017. Their investigators stated that criminals exploited a website application vulnerability to gain access to certain files. An estimated 143 million U.S. consumers could be impacted by this breach. According to Equifax’ website, information accessed includes names, Social Security numbers, birth dates, addresses and driver’s license numbers.
It is important to note that this issue is not related to the OneAZ Credit Union website and our member databases. OneAZ Credit Union has not been notified by Equifax that any OneAZ Credit Union member or account information has been compromised.
For updates and more information about the Equifax breach, please visit https://www.equifaxsecurity2017.com/, so you can verify if Equifax identified that your information may be subject to the breach. Equifax is providing consumers with free credit file monitoring and identity theft protection. If you have any further questions, please contact the Equifax call center at 866.447.7559.
The Federal Trade Commission has issued helpful information and consumer tips on the Equifax breach. Please visit https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do.
For years, OneAZ Credit Union has partnered with LegalShield to offer Identity Theft Shield to our members at a discounted rate. For more information about this program, please click here.
We recommend taking the following steps to help reduce your risk of identity theft:
- Determine whether your information may have been part of the breach. Visit EquifaxSecurity2017.com and follow the steps to determine whether your personal information was potentially impacted.
- Enroll in an identity theft protection program. Several reputable organizations offer credit monitoring and identity theft protection programs, which notify you of any suspicious activity.
- Continue to monitor all financial accounts. Most identity theft prevention programs monitor all three major credit bureaus for activity on your accounts. However, it is important to monitor all of your financial accounts. Some prevention programs also monitor your passport, criminal record and driver’s license number.
June 15, 2017 - Chipotle Data Breach
May, 2017 - DocuSign Data Breach
You may have heard through the media that DocuSign recently experienced a data breach. DocuSign is a service often used to electronically sign financial documents, i.e. mortgage or consumer loans.
DocuSign detected an increase in phishing emails sent to users.The emails “spoofed” the DocuSign brand in an attempt to trick recipients into clicking a link that opens a Word document that installs malicious software.
The company said the only information that was stolen from the non-core system in the DocuSign data breach were email addresses.DocuSign said that “names, physical addresses, passwords, social security numbers, credit card data or other information” was not accessed.
DocuSign users should be on the lookout for fake emails that claim to be from DocuSign. You can identify these fake emails by checking for misspellings, incorrect email addresses and links that do not lead to DocuSign’s official websites. Here are a few simple techniques to help you protect your personal information:
- Hover over the link – URLs to view or sign DocuSign documents contain “docusign.net/” and always start with https.
- When in doubt, access your documents directly from www.docusign.com by entering the unique security code, which is included at the bottom of every DocuSign email.
- Do NOT open unknown or suspicious attachments, or click links – DocuSign will never ask you to open a PDF, Microsoft Office documents, or zip files in an email
- Look for misspellings, poor grammar, generic greetings, and a false sense of urgency
- Enable multi-factor authentication when possible
- Use strong, unique password for each service – don’t reuse passwords on multiple websites
If you come across these type of fake emails, please forward them to email@example.com. After doing this, DocuSign suggests that users delete the emails from their inboxes. It also recommends that users make sure their antivirus software is up to date
For updates and more information, please visit the DocuSign Trust Site where new information will be posted when it becomes available. If you have any questions, please email firstname.lastname@example.org or call (800) 379-9973.