UKFCU Fraud Awareness Center - Alerts
November 17, 2008 University of Kentucky FCU Phishing Notification
We have received notification from our CURewards™ merchandise vendor, Hinda Incentives, regarding an investigation of a potential systems breach.
While Hinda has not fully completed their investigation of this incident, we have received the following information from them: NO ACCOUNT NUMBER INFORMATION IS AT RISK AND NO MEMBER PASSWORDS ARE AT RISK. ALL ACCOUNT NUMBER INFORMATION AND PASSWORD DATA IS FULLY ENCRYPTED WITHIN THE HINDA ENVIRONMENT.
The attack on the Hinda system environment was targeted at the CURewards™ website that credit union members visit for general information and rewards redemption. Hinda’s investigation indicates that the attackers were successful in gaining access to the supplemental security questions used to facilitate the reset of forgotten passwords. Only credit union cardholders who completed the online rewards registration process are potentially affected.
As a result of this incident, the attackers would have clear access to the member’s name, email address, user ID, address and ship to address. As mentioned above, no passwords or account numbers are at risk. In addition, the website’s forgotten password functionality has been disabled. This action, in essence, nullifies the attacker’s ability to use the supplemental security question information obtained through the attack.
Hinda will be initiating a procedural change that will require the currently registered website rewards users to re-register online. The re-registration process will require users to choose new and different supplemental security questions and, as a result, a new password will be required to be selected. Users will see a prompt on the website instructing them to re-register as part of an enhancement to Hinda’s online security.
We will be providing continuing updates on this situation as additional information becomes available.
Please contact Cardholder Services at (800) 654-7728 with any questions. Thanks!
| Fraud Alert History | ||
|---|---|---|
| Date | Title | Original Message |
| October 26, 2009 | Phishing Email | view email |
| November 17, 2008 | CU Rewards | view email |
| October 31, 2007 | Phishing Email | view email |
| July 30, 2007 | Phishing Email | view email |
| March 26, 2007 | University of Kentucky FCU Notification | |
| March 12, 2007 | Restore your online banking account access
within 48 hours to avoid suspension! |
view email |
| January 16, 2007 | Debit and Credit card fraud | |
| September 5, 2006 | University of Kentucky FCU | view email |
