Connecticut Credit Union Data Breach Impacts 172,000 Members

Connex Credit Union, located in New Haven, Connecticut, recently reported a data breach affecting the personal information of approximately 172,000 individuals. According to the notification letter sent to affected members, Connex identified “unusual activity” on its network on June 3 and determined that specific files had been accessed without authorization on that day and the preceding day.

This incident coincides with a period in which Google issued warnings about an organized voice phishing (vishing) attack targeting various organizations for extensive data theft. The group behind these activities, referred to as ShinyHunters, was implicated in similar breaches around the same timeframe that Connex detected the unusual network activity.

By July 27, Connex had determined which individuals’ personal information might have been compromised, according to the letter filed with the Maine Attorney General. The exposed data included names, account numbers, debit card details, and Social Security numbers, along with other government-issued identification collected when accounts are opened.

Importantly, the credit union has indicated that there is “no reason to believe this incident involved unauthorized access to member accounts or funds,” aiming to reassure customers about the security of their financial holdings. In addition, Connex has issued a warning on its website regarding ongoing phishing attempts where scammers are posing as Connex employees, reminding customers to remain vigilant as the financial institution will never request sensitive information like PINs or passcodes via phone.

As explored in Google’s Threat Intelligence Group analysis posted on June 4, the group ShinyHunters has been linked to financially motivated vishing campaigns. Although Connex has not officially named ShinyHunters as the source of the data breach, the timing suggests potential overlap. ShinyHunters is known for using social engineering techniques where its operators impersonate IT support staff during calls, ultimately tricking employees into divulging confidential information.

This method of operation often yields unauthorized access to sensitive organizational data without exploiting any software vulnerability. In campaigns targeting systems such as Salesforce, ShinyHunters has deceived users into authorizing malicious connected applications, which then provide broad access to stored data. After the initial compromise, the attackers used harvested credentials to move through the victims’ environments, reaching accounts on other cloud platforms such as Okta and Microsoft 365.
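The pattern just described, a user being talked into authorizing an application that then pulls data in bulk, leaves a recognizable trace in an audit log: a consent grant for a previously unseen app followed shortly by a large export. The following is an added illustration of that detection logic, not code from Connex, Google or Salesforce; the event schema, app names and thresholds are constructed assumptions, not any vendor's real audit-log format.

```python
"""Added example: flag the consent-phishing pattern in which a user authorizes a
malicious connected app that then bulk-exports data. Illustrative detection
logic only; the event schema below is a constructed assumption."""
from datetime import datetime, timedelta

# Constructed audit events (assumed schema): 'app_authorized' records a user
# granting an app access; 'bulk_export' records an app pulling 'rows' records.
SAMPLE_EVENTS = [
    {"ts": "2025-05-01T08:00:00Z", "actor": "alice", "event": "app_authorized", "app": "Reporting-Suite"},
    {"ts": "2025-06-02T10:00:00Z", "actor": "Reporting-Suite", "event": "bulk_export", "app": "Reporting-Suite", "rows": 50_000},
    {"ts": "2025-06-02T14:05:00Z", "actor": "bob", "event": "app_authorized", "app": "Data-Loader-Helper"},
    {"ts": "2025-06-02T14:20:00Z", "actor": "Data-Loader-Helper", "event": "bulk_export", "app": "Data-Loader-Helper", "rows": 180_000},
    {"ts": "2025-06-03T01:00:00Z", "actor": "Unknown-Client", "event": "bulk_export", "app": "Unknown-Client", "rows": 2_500},
]


def parse_ts(value):
    """Parse the ISO 8601 UTC timestamps used in the constructed events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_consent_abuse(events, window=timedelta(hours=24), row_threshold=10_000):
    """Return alerts for bulk exports by apps that were authorized only recently
    (within `window`) or that have no recorded authorization at all.

    Long-standing apps exporting data are treated as normal; the signal is the
    short gap between a new consent grant and a large export."""
    first_auth = {}  # app -> (authorization time, user who consented)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] == "app_authorized":
            first_auth.setdefault(ev["app"], (parse_ts(ev["ts"]), ev["actor"]))
        elif ev["event"] == "bulk_export":
            grant = first_auth.get(ev["app"])
            if grant is None:
                alerts.append({"app": ev["app"],
                               "reason": "export without recorded authorization",
                               "rows": ev["rows"]})
                continue
            granted_at, consenter = grant
            age = parse_ts(ev["ts"]) - granted_at
            if age <= window and ev["rows"] >= row_threshold:
                alerts.append({"app": ev["app"],
                               "reason": "large export shortly after new authorization",
                               "rows": ev["rows"],
                               "consenter": consenter,
                               "minutes_since_grant": int(age.total_seconds() // 60)})
    return alerts


if __name__ == "__main__":
    for alert in find_consent_abuse(SAMPLE_EVENTS):
        print(alert)
```

Run against the constructed log, the long-approved reporting app's export passes, the export fifteen minutes after a fresh consent grant is flagged, and an export by an app with no consent record at all is flagged regardless of size. Tuning the window and row threshold to the organization's normal integration behaviour is what keeps this from being noisy.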

The incident involving Connex underscores the necessity for banks and credit unions to employ a comprehensive defense-in-depth strategy. It highlights the imperative for robust access controls and security measures in third-party platforms like Salesforce, which financial institutions must configure according to regulatory standards. These controls are essential not only for prevention but also for mitigating risks associated with data exfiltration and social engineering attacks.

Google has recommended several strategies to combat such threats effectively, emphasizing the importance of the principle of least privilege, enforcing IP-based access restrictions, and implementing universal multi-factor authentication across organizations. By adhering to these guidelines and maintaining vigilant security protocols, institutions can enhance their resilience against malicious actors.
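As an added illustration of the three controls named above, the following checks login events against an IP allowlist and an MFA requirement, and compares each account's granted permissions against a least-privilege baseline for its role. This is example code, not Connex's, Google's or any vendor's configuration; the allowed networks (drawn from the reserved documentation ranges), the role map and the sample events are constructed assumptions.

```python
"""Added example: a policy audit for least privilege, IP-based access
restriction and universal MFA. All data below is constructed for illustration."""
import ipaddress

# Constructed allowlist using reserved documentation ranges (TEST-NET-3, TEST-NET-2).
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),
                    ipaddress.ip_network("198.51.100.0/24")]

# Constructed least-privilege baseline: the permissions each role should hold.
ROLE_PERMISSIONS = {
    "teller": {"accounts:read", "transactions:create"},
    "support": {"accounts:read", "cases:write"},
    "admin": {"accounts:read", "accounts:write", "users:manage", "data:export"},
}

# Constructed login events (assumed schema).
SAMPLE_LOGINS = [
    {"user": "alice", "role": "teller", "src_ip": "203.0.113.25", "mfa": True},
    {"user": "bob", "role": "support", "src_ip": "192.0.2.77", "mfa": True},     # outside allowlist
    {"user": "carol", "role": "admin", "src_ip": "198.51.100.9", "mfa": False},  # no MFA
]

# Constructed account grants to compare against the role baseline.
SAMPLE_GRANTS = {
    "alice": {"accounts:read", "transactions:create"},
    "bob": {"accounts:read", "cases:write", "data:export"},  # excess export right
    "carol": {"accounts:read", "accounts:write", "users:manage", "data:export"},
}


def evaluate_login(event, allowed=ALLOWED_NETWORKS):
    """Return the list of policy violations for one login event (empty if compliant)."""
    violations = []
    addr = ipaddress.ip_address(event["src_ip"])
    if not any(addr in net for net in allowed):
        violations.append("source IP outside allowed networks")
    if not event.get("mfa"):
        violations.append("MFA not satisfied")
    return violations


def excess_permissions(grants, role_of, baseline=ROLE_PERMISSIONS):
    """Map each user to the permissions they hold beyond what their role requires."""
    excess = {}
    for user, perms in grants.items():
        extra = perms - baseline.get(role_of[user], set())
        if extra:
            excess[user] = extra
    return excess


def audit(logins=SAMPLE_LOGINS, grants=SAMPLE_GRANTS):
    """Combine the access and least-privilege checks into one report keyed by user."""
    role_of = {ev["user"]: ev["role"] for ev in logins}
    report = {ev["user"]: evaluate_login(ev) for ev in logins}
    for user, extra in excess_permissions(grants, role_of).items():
        report.setdefault(user, []).append("excess permissions: " + ", ".join(sorted(extra)))
    return report


if __name__ == "__main__":
    for user, findings in audit().items():
        print(user, findings or ["ok"])
```

On the constructed data the teller is clean, the support account is flagged both for logging in from outside the allowed ranges and for holding an export right its role does not need, and the administrator is flagged for authenticating without MFA. The same three checks apply equally to a SaaS tenant's login-IP ranges, session policies and permission sets.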

The Connex breach illustrates a broader concern in cybersecurity, particularly in the financial sector, making it imperative for organizations to remain proactive in fortifying their defenses against evolving threat vectors, including those identified in the MITRE ATT&CK framework such as initial access and privilege escalation techniques.
