oefcu ransomware

OE Federal Credit Union this week notified an undisclosed number of people about a data breach that took place at the end of October 2023.

The notification reads, “The potentially impacted files contained full names in combination with one or more of the following: Social Security number, date of birth, bank and/or financial account information, routing number, credit and/or debit card number, expiration date, Taxpayer Identification Number, driver’s license or government ID number, username and password, passport number, medical procedure information, clinical or treatment information, medical provider name, medical record number, prescription information, and health insurance information. Not all information was impacted for all individuals.”

Ransomware group NoEscape claimed the attack on October 29, 2023, and claimed to have stolen 1.13 TB of data. Beyond the data mentioned above, NoEscape also claims to have stolen:

  • SQL databases
  • Contacts of employees and management
  • A history of clients’ financial movements from 2020 to 2023
  • Project documents
  • Tax documents
  • Loan documents
  • Contracts and agreements
  • Reports
  • Accounting data

OEFCU says it completed its investigation on April 1, 2024. It has not confirmed NoEscape’s claim.

Although OEFCU says it has no evidence that the stolen data has been misused, victims should still assume the worst and take steps to protect their identity and finances. We recommend victims take advantage of the free credit monitoring offered by OEFCU via Experian.

OEFCU has not stated how many people were affected, whether it paid a ransom, or how attackers infiltrated its systems. Comparitech contacted OEFCU for comment and will update this article if it responds.

Who is NoEscape?

NoEscape is a ransomware gang that first emerged in May 2023. It operates a ransomware-as-a-service business model in which clients pay NoEscape a portion of proceeds to use the malware and get support. It also employs DDoS attacks to disrupt target operations and coerce victims into paying ransoms.

Comparitech has recorded 26 confirmed ransomware attacks by NoEscape since it surfaced.

Its targets mostly span North America and Europe, and notably not Russia or other former Soviet Union countries that are now part of the Commonwealth of Independent States (CIS). Targeted industries include professional services, manufacturing, healthcare, construction, and education.

NoEscape often extorts victims twice: once for a decryption key to restore systems, and again in exchange for not selling or publicly releasing stolen data.

Ransomware attacks on US financial organizations

So far this year, Comparitech has logged nine confirmed attacks on US financial organizations, impacting 17.2 million records. The majority of those records (16.9m) are from an attack on LoanDepot.

We recorded 50 attacks on US financial organizations in 2023, affecting 4.6 million records. The average ransom amount during that period was $730,000.

Since April 2023, we’ve also logged 114 unconfirmed attacks in US finance.

About OE Federal Credit Union

Founded in 1964, OE Federal Credit Union is the largest labor-based credit union in the United States. Its website says it has more than 100,000 members across six states, and serves 125 union groups. It operates 10 branch locations around the San Francisco, California area.