The Philadelphia Federal Credit Union has confirmed a successful string of fraudulent transactions which have impacted close to 400 members.
Over the weekend, PFCU members reported unauthorized withdrawals and transactions which affected customers with accounts held by the union on Standwood Street and Roosevelt Boulevard.
As reported by Action News, many customers realized something was wrong on Monday morning, at which time PFCU confirmed that account information belonging to customers may have been compromised.
Internal teams discovered the "potentially fraudulent activity" on July 8, "involving a small percentage of members' debit cards."
The credit union insists that the incident is not the rest of an internal data breach, but the cause and full scope have yet to be determined.
See also: Fieldwork Software database leak exposed sensitive SMB records, customer credit card details
Current estimates suggest that up to 400 PFCU members have been affected. Some accounts were accessed more than once over the weekend, with stolen amounts ranging from $200 to $500.
The money was taken from ATMs, which may suggest that the debit card details of victims were stolen and cloned onto new cards, although how PIN codes were obtained is also debatable. Each individual involved in the security incident will be notified and new debit cards will be issued.
CNET: The best DIY home security systems of 2019
"PFCU's security and loss prevention specialists are working diligently to determine the cause of the incident," the union says.
PFCU has promised to reimburse stolen funds.
The scope of this security incident may result in a hefty bill for the credit union, but data breaches and fraudulent campaigns can be far more damaging and not so limited in scope.
TechRepublic: Why Apple should follow Microsoft's move to get rid of passwords
In related news this week, British Airways faces a record £183 million fine due to be issued by the UK's Information Commissioner's Office (ICO) for security failures which impacted hundreds of thousands of customers visiting the BA website. The personal details of up to 500,000 individuals are thought to have been stolen.
These are the worst hacks, cyberattacks, and data breaches of 2019 (so far)
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0