St. Mary's Bank customers warned of security breach

The credit union began mailing letters on July 12 to warn of the problem

Manchester-based St. Mary’s Bank, the nation’s oldest credit union, is alerting more than 115,000 of its current and former members of a recent security breach that may have exposed their personal information, including Social Security numbers and transaction records.

On July 12, St. Mary’s began mailing letters notifying some 115,775 New Hampshire residents of a data breach at the credit union, according to a filing with the New Hampshire Attorney General’s office.

In the letter sent to members by St. Mary’s CEO Ron Covey, the credit union said that on May 26 it discovered malicious software (malware) on an individual employee workstation computer.

The credit union immediately called in a computer security consulting firm to analyze its entire computer system and isolate and eliminate the malware.

The firm discovered that the malware – which was designed to capture information as it appeared on individual computer screens – could have been introduced into 23 workstation computers starting in February.

So far, there is no indication of unusual activity in member accounts due to the malware, said Covey.

“We have found no evidence that sensitive information, such as names, addresses, Social Security numbers, account information, or transaction records, was acquired by any unauthorized individual,” wrote Covey in the letter.

St. Mary’s is offering affected members one year of free credit monitoring and identity theft protection services through Experian and, although online banking did not appear to be affected, is urging members to change their online banking passwords.

“We deeply regret the inconvenience this may cause you,” wrote Covey, adding that the credit union “continues to further enhance its information security measures.”


Categories: News