What & When
On September 29th, NWCU received a list of NWCU members affected by a data security compromise that happened with Newcourse Communications, the statement vendor that manages our mortgage statements with TruHome Solutions, LLC.
How Members may be affected
2,364 NWCU members with TruHome Mortgages were included in either high or medium levels of data compromise by a third party. NWCU systems were not affected and we are notifying you to assist with any actions you will need to take to protect your credit record or other account information.
Affected members should anticipate a letter from Newcourse Communications later in October; this letter will contain a code for complimentary credit monitoring and will include a logo that looks like this:
Is My Account Safe?
This was a third-party security incident; no Northwest Community Credit Union systems were compromised. While serious, there are actions you can take now to protect your credit.
What is NWCU doing to make sure my accounts are not accessed?
Registered devices are recognized by online banking and will not permit sign in on an unknown device. Our normal validation processes cover questions outside of the information involved in the compromise. We also recommend you set up account alerts to notify you of activity on your accounts. Freezing your credit file with all three agencies is highly recommended because of the nature of information compromised.
Steps to Take:
Place a Fraud Alert on Your Credit File
We recommend that you place an initial one-year “Fraud Alert” on your credit files, at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others.
P.O. Box 105069
Atlanta, GA 30348-5069
P.O. Box 9554
Allen, TX 75013
Fraud Victim Assistance Department
P.O. Box 2000
Chester, PA 19016-2000
Consider Placing a Security Freeze on Your Credit File
If you are very concerned about becoming a victim of fraud or identity theft, you may request a “Security Freeze” be placed on your credit file, at no charge. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by contacting all three nationwide credit reporting companies at the numbers below and following the stated directions or by sending a request in writing, by mail, to all three credit reporting companies:
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348-5788 (888)-298-0045
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
TransUnion Security Freeze
P.O. Box 160
Woodlyn, PA 19094
Sign up for Complimentary Credit Monitoring
Credit monitoring provided by IDX courtesy of Newcourse Communications and TruHome Solutions. You will receive a letter from TruHome Solutions' vendor Newcourse Communications with a code to initiate your complimentary credit monitoring.
Please Note: If you act now to freeze your credit, you will need to temporarily remove the freeze to sign up for Credit Monitoring and then re-apply the freeze. This is inconvenient, but the most secure method to apply preventive measures to prevent use of your data.
What Information was Compromised?
Approximately ten percent of the total impacted members (232) were included in the High category which includes access to sensitive personal data such as SSN, Driver’s License Number, Passport Number and loan account information.
The remainder (2,132) have had Medium exposure of personal data including all other personally identifiable information (PII), including loan numbers, other account numbers (other than the accounts described above), demographics (including DOB, etc.), insurance policy numbers and insurance accounts, and application numbers.
How we’re notifying the affected Members
We’re notifying all the high exposure members by phone call. All 2,364 affected NWCU members will receive an email notification letter the week of October 3rd and followup hard copy letter from NWCU. Newcourse Communications is also sending a letter to all affected NWCU members beginning October 7-14th.
How Did this Occur? Why Did it Take so Long to Notify Affected Members?
Newcourse discovered unauthorized access to their network occurred between April 27, 2022 and May 3, 2022. They launched an investigation in consultation with cybersecurity professionals to analyze the extent of any compromise of the information on their network. They first reported to TruHome Solutions, LLC on August 26, 2022 (and TruHome Solutions, LLC confirmed on September 23, 2022, based on its own investigation) that NWCU member information may have been removed from the Newcourse network without authorization in connection with this incident. NWCU was alerted September 14th of a data security compromise, but the scope or numbers affected was not provided to NWCU until September 29, 2022.