SRP Federal Credit Union Hit by Cyberattack, 240,000 Members Affected
Approximately 240,000 individuals fell victim to a cyberattack targeting SRP, one of the largest federal credit unions in South Carolina. According to documents filed by the company with regulatory authorities in Maine and Texas, suspicious activity within the network was first detected in the fall of this year. Founded in 1960, SRP managed assets exceeding $1.6 billion as of 2022.
The investigation revealed that hackers had access to the credit union’s systems between September 5 and November 4, 2024. During this time, certain files were likely exfiltrated. The investigation, concluded on November 22, confirmed the breach of sensitive data.
The stolen information included names, Social Security numbers, driver’s licenses, birth dates, and financial details such as account numbers and credit and debit card information.
SRP Federal Credit Union assured that the attack did not compromise its online banking platform or core data processing systems. However, inquiries from journalists regarding the scope and exact nature of the stolen data remain unanswered.
A newly identified ransomware group, Nitrogen, claimed responsibility for the cyberattack, stating they had stolen 650 GB of client data. However, there has been no official confirmation that the incident involved a ransom demand.
The Nitrogen group was first documented by researchers at HackManac in October 2024. Previously, they targeted Canadian video game developer Red Barrels, causing significant delays in the release of its games.
Such attacks on credit unions are becoming increasingly frequent. Last year, approximately 60 credit unions experienced widespread disruptions following an attack on a prominent software provider. The incident prompted federal regulatory intervention after numerous customer complaints about losing access to their accounts for several days.
In another incident, a cyberattack in July paralyzed the operations of a major credit union in California for several weeks.
