Steinbach Credit Union outlines next steps after security breach

Hey there, time traveller!
This article was published 19/11/2024 (381 days ago), so information in it may no longer be current.

People who called Steinbach Credit Union’s contact centre between Nov. 11 and Nov. 12 are at a higher risk for fraud following a phone incident last week.

An unauthorized third party redirected calls made to Steinbach Credit Union’s member contact centre from 10:18 a.m. on Nov. 11 to around 10:15 a.m. on Nov. 12. The contact centre was closed for Remembrance Day; staff noticed something was wrong when the lines were quiet the next morning.

During that 24-hour period, the third party gained access to call logs dating back to Sept. 11. Caller identification names, phone numbers and call dates were the only information leaked, according to SCU.

The credit union didn’t immediately answer how many people are affected. Its investigation is ongoing.

SCU is advising people who called during the time of the incident — some possibly shared additional personal information over the phone — to visit a branch or email incident@scu.mb.ca. If emailing, members should only share their first name, the phone number they previously used and the estimated call date.

There is a chance people who called earlier, between the period of Sept. 11 and Nov. 11, will receive a call from someone claiming to be an SCU employee, the credit union noted. Affected members should visit a branch or email the incident address mentioned above, following the same instructions as Remembrance Day callers.

People who phoned during the two-month time frame but haven’t received a call should “remain vigilant,” a Tuesday SCU notice posted online reads.

Members who haven’t called the contact centre since Sept. 11 likely aren’t impacted, SCU stressed.

“Should we discover additional information, we are committed to sharing it with our members as quickly as possible,” its memo states.

The credit union will never ask for passwords or debit card numbers, send emails while on the phone and ask members to click the link, ask members to read back a verification number they’ve been texted, or ask for money sent through Interac e-Transfer, the memo outlines.

SCU created an incident task force to take immediate action. This included “implementing an enhanced monitoring and member verification process.”

The credit union didn’t immediately respond to questions about the third party’s origins or the steps it’s taken to ensure the incident never repeats. SCU’s service provider has taken “necessary steps” to mitigate future risks, it shared in its update.

SCU’s internal investigation found a “bad actor” had likely got the credit union’s telephone provider to change its member contact centre phone information, chief executive Glenn Friesen told the Free Press last week.

He declined to say how many people phoned on Remembrance Day, adding the number was “very low” compared to a non-holiday Monday.

SCU will continue to share updates online at scu.mb.ca/incident.