The Andovers Federal Credit Union Data Breach

What Happened?

On July 2, 2023, Bradford-Scott Data, LLC, a technology service provider for The Andovers Federal Credit Union, detected unusual activity within a limited portion of their network. This prompted an immediate security response to protect the environment and an extensive investigation to understand the scope and nature of the activity. It was discovered that between May 19 and May 28, 2023, certain files were likely copied from their network.

After a detailed review completed by December 10, 2023, it was confirmed that personal information including names and taxpayer identification numbers (typically Social Security Numbers) were involved. This incident has impacted 43,435 individuals nationwide, including 63 residents of Maine. The breach was first reported to the Maine Attorney General's office on February 29, 2024, and additional information was provided on April 11, 2024. You can view the full disclosure on the Maine Attorney General's website.

Notification and Response

Bradford-Scott has taken this breach seriously and has implemented multiple security measures to enhance their network's defenses. They have also reported the incident to federal law enforcement and are in the process of notifying affected individuals and regulators.

On April 11, 2024, Bradford-Scott began sending out written notifications to the affected parties, informing them about the breach and the steps being taken in response. These notifications include an offer for free credit monitoring and identity theft protection services through IDX, A ZeroFox Company. The services offered include credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services.

Steps You Can Take

If you believe you might be affected by this breach, it is crucial to stay vigilant and monitor your financial accounts and credit reports for any unusual activity. Here are some steps you can take:

1. Enroll in Credit Monitoring Services: You can enroll in the services provided by IDX by visiting their website here. Make sure to use the enrollment code provided in your notification letter.
2. Monitor Your Accounts: Keep an eye on your financial statements and sign up for alerts. You are entitled to a free credit report annually from each of the major credit bureaus—Equifax, Experian, and TransUnion. Visit AnnualCreditReport.com or call 1-877-322-8228 to request your reports.
3. Place a Fraud Alert or Credit Freeze: You can place a fraud alert on your credit reports which helps protect against the opening of new credit accounts in your name. Alternatively, a credit freeze will lock your credit reports entirely. Contact each of the three major credit bureaus to set these up: Equifax, Experian, and TransUnion.
4. Report Suspicious Activity: If you detect any suspicious activity or believe you are a victim of fraud, report it immediately to your financial institution, and consider filing a report with the local police or the Federal Trade Commission at IdentityTheft.gov.