MSUFCU was notified of a data breach at Michaels Craft Stores between May 8, 2013, and January 27, 2014. The company’s statement says the attack on Michaels targeted a limited portion of the point-of-sale systems at a varying number of stores during that time. The affected systems contained certain payment card information, such as card number and expiration date, for both Michaels and Aaron Brothers customers. There is no evidence that other customer personal information, such as name, address, or PIN, is at risk in connection with this issue. MSUFCU is working to determine the impact this will have on our membership. Account security is a top priority for MSUFCU and we are taking every precaution to ensure our members’ financial security.
If you believe your card/account was affected by the compromise, we encourage you to contact MSUFCU as soon as possible:
We are here to assist members in taking the necessary precautions to protect their accounts. MSUFCU members who experience fraud on their MSUFCU account will not be held liable due to Visa’s zero fraud liability protection, as long as it is reported to us as soon as possible.
We’d like to remind our members to be diligent in regularly monitoring their accounts.
Should you see any suspicious transactions or preauthorizations on your MSUFCU account, please contact us immediately so that we can take the necessary precautions to protect your account.
We also recommend to periodically review your credit report and report inaccuracies or possible fraud. You may order a copy of your credit report each year from one of the major credit bureaus at www.annualcreditreport.com.
On Tuesday, April 8, a serious website vulnerability was made public and has been widely discussed in news and social media outlets. The vulnerability, named the "Heartbleed bug," is a defect in the commonly used cryptographic software library called OpenSSL. The OpenSSL software library provides SSL/TLS encryption for many web services (like retail/business websites, social websites, email, etc.) and is used by companies all around the world. The vulnerability that was found allows an attacker to read the memory for systems that, under normal conditions, are protected by the SSL/TLS encryption. Reading the memory in this way means that an attacker could be able to see any sensitive web communication traffic including private key information (a password-like piece of information used for encryption) and username and password credentials.
MSUFCU's Response to Heartbleed
We became aware of this issue shortly after its posting online and we immediately took action to patch the vulnerability for all of our affected servers. We have replaced the SSL encryption certificates for all servers that had the affected version of OpenSSL. Since most of our affected systems did not capture member login information, we have determined that the potential exposure is minimal.
MSUFCU's website is no longer vulnerable to the Heartbleed bug and continues to provide secure online services to our membership.
Should you have questions or further concerns, please do not hesitate to contact MSUFCU. We are happy to assist you.