The privacy and security of protected personal information is of the utmost importance to Texas Dow Employees Credit Union (“TDECU”). This notice contains information regarding a data security incident that involved certain protected personal information collected and maintained by TDECU. TDECU is providing individuals with information about the incident and the services being made available to those who are involved. TDECU continues to take significant measures to protect personal information.

TDECU was notified by a third-party vendor used by TDECU to transfer data, MOVEit, that they were compromised by a bad actor on or around May 31, 2023 in an attack that affected thousands of organizations, government entities, private businesses, financial institutions and more around the world, with over 20 million individuals impacted. Certain TDECU data may have been viewed or taken by the bad actor as part of this attack. There was no compromise of TDECU’s broader network security.

Upon learning of this issue, TDECU immediately commenced a prompt and thorough investigation. As part of the investigation, TDECU engaged external cybersecurity professionals who regularly investigate and analyze these types of situations to help determine the extent of any compromise of the information on the TDECU network. It was determined that there was no compromise of TDECU’s broader network security. Following our investigation, we discovered on July 30, 2024, that certain files containing personal information of TDECU members were potentially removed from MOVEit by the bad actor between May 29-31, 2023. The impacted data includes full names in combination with Date of Birth, Social Security Number, Bank / Financial Account Number, Credit / Debit Card Number, Driver's License / Government ID, and Taxpayer Identification Number.

To date, TDECU is not aware of any incidents of identity fraud or financial fraud as a result of the incident. Nevertheless, out of an abundance of caution, TDECU is providing notice to the affected individuals commencing on August 23, 2024. The notified individuals who have had their Social Security number impacted will receive complimentary credit monitoring services. Furthermore, notified individuals may take steps to protect themselves including placing a fraud alert/security freeze on their credit files, obtaining free credit reports, and remaining vigilant in reviewing financial account statements, explanation of benefits statements, and credit reports for fraudulent or irregular activity on a regular basis. In addition, individuals who may have had their Social Security number involved are encouraged to enroll in complimentary credit monitoring services provided in the notification letter. For more information on how to best protect yourself from identity theft, please visit https://www.experianidworks.com/3bcredit.

Individuals who have questions or need additional information regarding this incident or to determine if they are notified may reach out to the toll-free response line that TECU has set up to respond to questions at 866-573-9704. This response line is available Monday through Friday 8:00 a.m. to 8:00 p.m. Central Time, Monday through Friday, excluding major U.S. holidays).

1. Placing a Fraud Alert on Your Credit File.

You may place an initial one-year “Fraud Alert” on your credit files, at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others.

2. Placing a Security Freeze on Your Credit File.

If you are very concerned about becoming a victim of fraud or identity theft, you may request a “security freeze” be placed on your credit file, at no charge. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by contacting all three nationwide credit reporting companies at the numbers below and following the stated directions or by sending a request in writing, by mail, to all three credit reporting companies:

In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

If you do place a security freeze prior to enrolling in the credit monitoring service as described above, you will need to remove the freeze in order to sign up for the credit monitoring service. After you sign up for the credit monitoring service, you may refreeze your credit file.

3. Obtaining a Free Credit Report.

Under federal law, you are entitled to one free credit report every 12 months from each of the above three major nationwide credit reporting companies. Call 1-877-322-8228 or request your free credit reports online at www.annualcreditreport.com. Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.