The Pentagon Federal Credit Union (PenFed) is dealing with a data security breach involving personal and credit card information exposed after a laptop was infected with malware.
In a letter [pdf] sent to the New Hampshire Attorney General's Office, the credit union's lawyers reveal that the laptop infection was discovered on December 12, 2010.
The malware allowed attackers to access a database containing names, addresses, Social Security numbers, PenFed account numbers, credit or debit card numbers of current and former members, joint owners, employees and beneficiaries.
The letter states that 514 New Hampshire residents were affected by the incident, but the total number of people involved has not been disclosed.
PenFed doesn't have any indication that the illegaly accessed information was misused so far, but out of caution it has reissued all exposed credit and debit cards.
The federally chartered credit union started sending notification letters to the affected individuals on Tuesday in which it offers them a two-year free subscription to an identity theft protection service from Kroll.
Called ID TheftSmart, the service involves credit reports, credit monitoring, as well as identity theft consultation and restoration. Nevertheless, people are strongly advised to routinely review their account statements and credit reports for suspicious activity.
A fraud alert can also be placed with one of the three major credit reporting agencies, Experian, Equifax and TransUnion. This instructs creditors that they should conduct more extensive verifications when issuing credit for the flagged identity.
"We apologize for any inconvenience or concern this incident may cause and appreciate your continued trust in Pentagon Federal Credit Union. We are committed to maintaining your privacy as a key priority and will continue to take the steps necessary to protect your information," PenFed's executive vice president of operations, Roderick B. Mitchell, wrote in the letter.