DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CU Collections Notifies Customers of Data Security Incident

Posted on September 12, 2020 by Dissent

The following press release was released on Friday, September 11,  after 5 pm. It appears to be the same press release CU Collections issued on July 29, with the exception that this one specifically mentions Wellspring Credit Union:

CU Collections, LLC (“CU Collections” or the “Company”) announced today that it had suffered a data security incident and information in its possession may have been accessed or made public by unauthorized persons. CU Collections works with several partner credit unions, including Wellspring Credit Union of Bridge City, TX to help collect unpaid loans and other delinquent accounts.

In February 2020, CU Collections learned that it had been the victim of a cyber attack, enabling unauthorized parties to access personal information which had been provided to CU Collections in order to collect money owed to its partner credit unions. Immediately upon discovering this, CU Collections worked with industry-leading cybersecurity firms to conduct an investigation.  In addition, CU Collections consulted with law enforcement about this criminal activity and will continue to provide whatever cooperation is necessary to hold the malicious actors accountable.

The affected personal information may have included names, addresses, Social Security numbers, financial account numbers, and/or driver’s license numbers of people who had become delinquent on their credit union loans or accounts.

CU Collections has been working closely with cybersecurity experts to resolve this incident and to improve the security of their systems to prevent a similar incident from occurring in the future.

CU Collections encourages customers to carefully review and monitor their various account statements. If a member of Wellspring Credit Union believes his or her information may have been affected, the member should immediately contact their credit union. CU Collections promptly notified its partner credit unions when it found out about the event so that they could safeguard member accounts. CU Collections is also offering complimentary identity protection and credit monitoring services for all potentially affected members. Further information for members, including how to enroll in these free services, can found by calling our dedicated call center at 855-907-2105 between 9:00 AM and 9:00 PM Eastern Time.

Wellspring Credit Union did not suffer a breach or cyber attack and only applies to accounts that were being handled by CU Collections.

About CU Collections:

CU Collections is an agency headquartered in Manassas, Virginia, that helps partner credit unions to collect unpaid accounts.

SOURCE CU Collections, LLC

Category: Financial SectorHackSubcontractorU.S.

Post navigation

← Fairfax County Public Schools confirms it was a victim of cyberattack
Singapore Says Grab’s Fourth Privacy Breach Is Concerning →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
  • Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)
  • Cyberattack puts healthcare on hold for hundreds in St. Louis metro
  • Europol: DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants
  • DOGE aims to pool federal data, putting personal information at risk
  • Privacy concerns swirl around HHS plan to build Medicare, Medicaid database on autism

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.