September 8, 2017 - Equifax Data Breach

You may have heard through the media that Equifax recently experienced a data security breach. Equifax is one of the three major credit reporting bureaus in the United States. Equifax has publicly posted on their website that this breach occurred between mid-May and July of 2017. Their investigators stated that criminals exploited a website application vulnerability to gain access to certain files. An estimated 143 million U.S. consumers could be impacted by this breach. According to Equifax’ website, information accessed includes names, Social Security numbers, birth dates, addresses and driver’s license numbers.

It is important to note that this issue is not related to the OneAZ Credit Union website and our member databases. OneAZ Credit Union has not been notified by Equifax that any OneAZ Credit Union member or account information has been compromised.

For updates and more information about the Equifax breach, please visit, so you can verify if Equifax identified that your information may be subject to the breach. Equifax is providing consumers with free credit file monitoring and identity theft protection. If you have any further questions, please contact the Equifax call center at 866.447.7559. 

The Federal Trade Commission has issued helpful information and consumer tips on the Equifax breach. Please visit

For years, OneAZ Credit Union has partnered with LegalShield to offer Identity Theft Shield to our members at a discounted rate. For more information about this program, please click here.

We recommend taking the following steps to help reduce your risk of identity theft:

  • Determine whether your information may have been part of the breach. Visit and follow the steps to determine whether your personal information was potentially impacted.
  • Enroll in an identity theft protection program. Several reputable organizations offer credit monitoring and identity theft protection programs, which notify you of any suspicious activity.
  • Continue to monitor all financial accounts. Most identity theft prevention programs monitor all three major credit bureaus for activity on your accounts. However, it is important to monitor all of your financial accounts. Some prevention programs also monitor your passport, criminal record and driver’s license number.

June 15, 2017 - Chipotle Data Breach

You may have heard through the media that Chipotle recently experienced a data breach. They have pinpointed that this breach occurred between March 24, 2017 and April 18, 2017. Their investigators stated that malware was designed to access payment card data from cards used on point-of-sale devices at certain Chipotle restaurants. The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. There is no indication that other customer information was affected.

There were multiple restaurants throughout Arizona that were affected. Not all locations were affected and the specific time frames vary by location. We have been notified that some OneAZ Credit Union cardholders may be impacted by this breach. Our fraud monitoring service is on high alert and will be monitoring for fraudulent activity.

Please remember to always be diligent in reviewing your card statements to monitor for any unauthorized activity. You should immediately report any unauthorized activity to your card issuer. The phone number to report any unauthorized activity is generally on the back of your payment card.

For more information pertaining to this breach and to see the specific locations and time frames these locations were affected please visit Chipotle’s security page:


May, 2017 - DocuSign Data Breach

You may have heard through the media that DocuSign recently experienced a data breach. DocuSign is a service often used to electronically sign financial documents, i.e. mortgage or consumer loans.

DocuSign detected an increase in phishing emails sent to users.The emails “spoofed” the DocuSign brand in an attempt to trick recipients into clicking a link that opens a Word document that installs malicious software.

The company said the only information that was stolen from the non-core system in the DocuSign data breach were email addresses.DocuSign said that “names, physical addresses, passwords, social security numbers, credit card data or other information” was not accessed.

DocuSign users should be on the lookout for fake emails that claim to be from DocuSign. You can identify these fake emails by checking for misspellings, incorrect email addresses and links that do not lead to DocuSign’s official websites. Here are a few simple techniques to help you protect your personal information:

  • Hover over the link – URLs to view or sign DocuSign documents contain “” and always start with https.
  • When in doubt, access your documents directly from by entering the unique security code, which is included at the bottom of every DocuSign email.
  • Do NOT open unknown or suspicious attachments, or click links – DocuSign will never ask you to open a PDF, Microsoft Office documents, or zip files in an email
  • Look for misspellings, poor grammar, generic greetings, and a false sense of urgency
  • Enable multi-factor authentication when possible
  • Use strong, unique password for each service – don’t reuse passwords on multiple websites

If you come across these type of fake emails, please forward them to After doing this, DocuSign suggests that users delete the emails from their inboxes. It also recommends that users make sure their antivirus software is up to date

For updates and more information, please visit the DocuSign Trust Site where new information will be posted when it becomes available. If you have any questions, please email or call (800) 379-9973.