Neighbors Credit Union Data Breach Notice Follows Ransomware Attack

On September 20 and 21, 2024, Neighbors Credit Union, serving the greater St. Louis area, experienced a significant data breach. According to disclosures filed with the Massachusetts Attorney General's office and the Texas Attorney General's office, an unauthorized third party accessed the credit union’s computer systems and exfiltrated sensitive files.

The breach was carried out by a ransomware group known as BLACK SUIT, which later claimed responsibility and posted the incident on a dark web site hosted on the Tor network.

The breach affected at least 2,406 individuals in Texas and 1,727 in Massachusetts, with the total number likely higher across other states. The compromised data includes a wide range of personally identifiable information (PII) and protected health information (PHI): names, Social Security numbers, driver’s license numbers, dates of birth, financial account numbers, credit and debit card numbers, and medical information.

The attackers were able to acquire this information by infiltrating Neighbors Credit Union’s network and copying files during the two-day window.

The severity of this incident is heightened by the nature of the stolen data—much of it highly sensitive and valuable for identity theft or financial fraud. The ransomware attack was sophisticated enough to bypass existing security measures, prompting the credit union to immediately involve law enforcement and cybersecurity experts to investigate and contain the breach.

Neighbors Credit Union's response

In the wake of the breach, Neighbors Credit Union took several steps to secure its systems and support affected members. The company initiated an internal investigation, engaged a forensic security firm to analyze the incident, and notified law enforcement.

To help protect those impacted, Neighbors Credit Union is offering a complimentary two-year membership to Experian IdentityWorksSM Credit 3B. This service provides credit monitoring across all three major credit bureaus, identity restoration assistance, and up to $1 million in identity theft insurance.

If you received a notification letter, it is important to take advantage of the free credit monitoring and review your credit reports for any suspicious activity. You should also consider placing a security freeze or fraud alert on your credit files to prevent unauthorized access.

Additional guidance and resources are available in the official notice to consumers, which will be included at the bottom of this page in PDF format.

For more information, you can review the official disclosures on the Texas Attorney General’s data breach reports page and the Massachusetts Attorney General’s breach notification.

For more information, visit the Neighbors Credit Union website.