2022 Data Incident
Important Reminder: Community 1st Credit Union or their divisions (Generations, Bankhere) will never contact you via phone, text, or email to request sensitive personal information such as your PIN or Online Banking password. If you get a call from someone claiming to be from Community 1st Credit Union, Generations, or Bankhere who asks for any of this, hang up immediately. Do not call the number back.
You may have received a letter notifying you of a data incident at Community 1st Credit Union and its divisions Generations, Bankhere, and EzSolarloan. An investigation was unable to determine if any data was compromised during the data incident. We have taken the step of paying for credit monitoring, dark web monitoring and identify theft restoration and insurance services.
The letter you received has a unique registration code that will allow you to use this service. While the service is through Equifax, it also covers changes to your credit reports at Experian and TransUnion.
Frequently Asked Questions
An unauthorized person gained access to the Microsoft 365 email accounts of two employees.
When did this happen?
December 7, 2022 through December 12, 2022
How did this happen?
The employees were tricked by an advanced phishing attack launched using the valid email account of a trusted vendor.
Why was I notified?
Out of an abundance of caution, the credit union decided to notify all current adult members as well as those who previously closed their accounts.
Who was affected?
We have no evidence that any member was affected.
When did you first learn about the incident?
December 12, 2022
Why wasn’t I contacted sooner?
An investigation was necessary to determine the possibility of information exposure and what response would be appropriate.After that time was needed to work with Equifax to acquire credit monitoring and identify theft services for everyone identified.
Do you know if my information was accessed?
No, we don’t know if any person’s information was exposed.
What information was exposed?
We don’t know that information was exposed. However, if information was exposed:
- Most of the potential exposure was in the form of contact lists that included names, addresses, phone numbers, and email accounts.
- In some cases, there was potential exposure of a combination of members’ names and credit card numbers, account numbers, or Social Security Numbers.
Does this mean I am a victim of identity theft?
At this time, we have no indications of misuse of personal data that would put your identity at risk. As a precaution, we have elected to offer credit monitoring services.
Was the information encrypted/protected?
The information was secured in the Microsoft 365 environment but was not encrypted once a login was successful.
Why was this information stored on these computers?
The credit union uses cloud-based email from Microsoft, like many other companies.
How many people are involved?
It is believed that only one unauthorized person was involved in the phishing incident.
Have the police/local authorities been notified?
The appropriate parties were notified.
Have the responsible parties been arrested?
The investigation was unable to determine the responsible parties.
Is my information still accessible?
All access by the unauthorized person was cut off on 12/12/2022.
How can I have my information removed from the server/directory?
The credit union has taken a number of actions to further protect our member information.
What are you doing to prevent this from happening again?
Extra security measures have been put in place to ensure no email account can be accessed with just a username and password, as well as adding extra security monitoring.
Was this a cyber-attack?
This was a phishing attack which is a form of cyber-attack.
Who are you? Are you an employee of Community 1st Credit Union, Generations Credit Union, ezSolarLoan, or BankHere?
I am an employee of a company retained by Community 1st Credit Union and its Generations division to provide call support.
What should I do to protect myself?
Enroll in credit monitoring and identity theft services by using the unique registration code on the notification you received.
Are you providing credit monitoring services?