PenFed Data Breach

What Happened?

On or about February 22, 2024, U S #1364 Federal Credit Union, known as PenFed, experienced a significant cybersecurity incident. This incident may have resulted in unauthorized access and acquisition of sensitive personal information belonging to its members. PenFed is a well-established financial institution that prides itself on serving over 2.8 million members worldwide, offering a range of financial services including loans, savings, and credit cards. To learn more about PenFed, you can visit their website here.

The types of consumer information that were potentially compromised include full names, Social Security Numbers, dates of birth, addresses, proofs of current address, government-issued identification cards, Social Security cards, pay stubs, and W2 forms. This breadth of information is particularly concerning as it could be used for identity theft or other fraudulent activities.

PenFed has disclosed this data breach to the Attorney General's office in Massachusetts, and the details of the disclosure can be found on the Massachusetts Attorney General's website here.

In response to the incident, PenFed has sent out a Notice to Consumers to inform affected individuals about the breach and offer guidance on steps to take to protect their personal information. This notice includes a comprehensive list of actions that individuals can take, such as placing a security freeze on credit reports, enrolling in credit monitoring services, and staying vigilant by reviewing account statements and credit reports for any unauthorized activity.

PenFed is offering complimentary access to Experian IdentityWorksSM for 24 months to help monitor and protect affected individuals' credit. This service includes identity restoration support and a $1 million identity theft insurance policy. To enroll, affected members should visit the Experian IdentityWorks website here and use the provided activation code before the deadline of 5:59 pm CT on 06/11/2024.

For those looking to learn more about the steps to take following this incident, PenFed advises setting up account alerts, adding fraud alerts to credit files, and contacting law enforcement if identity theft is suspected. The Federal Trade Commission (FTC) also provides resources on identity theft and can be reached at (877) 438-4338 or online here.

PenFed has expressed its apologies for any concern caused by this incident and has established a dedicated assistance line for any questions: (866) 495-4836, available from 8:00 am - 5:30 p.m. CT.

It is crucial for those affected to take immediate action to safeguard their personal information. By following the steps outlined in the Notice to Consumers and staying informed, individuals can better protect themselves from potential repercussions of this data breach.