DEPTFORD, N.J.—The $473-million First Harvest Federal CU here has disclosed a data breach involving unauthorized access to an employee email account that may have exposed names, Social Security numbers, financial account information and payment card information, according to state breach notices and data-breach tracking reports, Claim Depot reported.
The credit union said it became aware Feb. 3 of suspicious activity involving the email account. An investigation found an unknown actor accessed one employee email account on Jan. 14 and may have viewed data stored there. First Harvest completed its review of the potentially affected information on April 17 and began mailing notices to affected consumers May 6, Claim Depot said.
The breach was reported to attorneys general in multiple states, including Maine, Massachusetts, Nebraska, Vermont and New Hampshire, according to Claim Depot. The Maine filing lists the breach date as Jan. 14 and the discovery date as April 17; one legal report said eight Maine residents were affected, while the total number of affected individuals has not been publicly disclosed.
The incident has already drawn attention from plaintiffs’ firms and legal-advertising sites, including ClassAction.org, which said attorneys are gathering affected consumers for possible mass arbitration. First Harvest serves more than 50,000 members and is the largest credit union in Southern New Jersey