Anthem has announced that their database that contained up to 80 million customer records was
compromised. At this time they have stated there is no evidence that credit card or medical information was
compromised. For more information please visit http://www.anthemfacts.com
Home Depot announced a card data compromise at its US stores beginning sometime in April through
September of 2014. The breach affected all cards used in stores, including Home Depot store brand cards and
major card brands such as Visa and MasterCard. To learn more, please visit Home Depot's Announcement.
In late September, sandwich shop chain Jimmy John's confirmed that 216 stores had been compromised and
customer debit and credit card information had been accessed. The breach took place between June 16 and
September 5. Hackers obtained the account numbers on these cards, and may have access to the cardholder
name, verification number and/or expiration date. The breach did not affect any cards used in any online order
or a transaction where the card number was entered manually.
In June, P.F. Chang's China Bistro reported a security breach that affected customers at 33 restaurants located in
16 states. From October 19, 2013 to June 11, 2014 data from certain credit and debit cards that were used may
have been compromised. The potentially stolen credit and debit card data included the card number and, in
some cases, the cardholder's name and/or the card's expiration date. Visit P.F. Chang's site for updated
In March of 2014 it was determined that Sally Beauty stores had an unauthorized intrusion into the Sally
Beauty Supply LLC network. They discovered evidence that payment card data may have been illegally
accessed earlier in the year. For more information visit their FAQ page.
Staples acknowledged in December 2014 that a credit card breach took place in 119 stores between April and
September of that year. The malware intrusion may have resulted in the theft of as many as 1.16 million
customer credit and debit cards. Visit the Staples site for more information.
While HNCU does not have any reason to believe our mobile app is at risk from Svpeng or
Dyreza, we take security issues very seriously and understand that you do too.
What is Svpeng?
Svpeng is a new malicious malware, ransomware app for Android devices. Svpeng searches for specific mobile
banking apps on the device, then locks the device and demands money to unlock it. In the U.S., Svpeng breaks
into a mobile device through a social engineering campaign using text messages.
Svpeng capabilities include:
- Spoofing legitimate banking applications
- Stealing personal banking information
- Capturing user input, including passwords
- Sending SMS messages to premium numbers without user's knowledge resulting in charges
- Stealing SMS messages
- Stealing contact information and pictures
- Tracking user location
What is Dyreza?
Dyreza or "Dyre" is a new family of banking malware that redirects the traffic to malicious servers, while end users think they have a secure connection with their legitimate online banking site.
Dyreza is spread through spam e-mail messages such as "Your FED TAX payment ID [random number]" and
"RE: Invoice #[random number]." These messages contain a ".zip" file often hosted on legitimate domains, to
Opening this file infects the computer with the malware. Using a technique called "browser hooking" Dyrezea
views unencrypted web traffic in the Internet Explorer, Chrome and Firefox browsers and captures an end user's
credentials by sending the user to malicious servers, while the end user thinks they are securely connected to
their financial institution's legitimate website.
Is my iPhone vulnerable to Svpeng and Dyreza?
iPhones and Android devices use different operating
systems. Svpeng specifically targets the Android operating system. Dyreza does not target mobile devices; it
exploits Internet Explorer, Chrome and Firefox browsers.
How can my end users protect themselves against threats like Svpeng and Dyreza?
- Installing an antivirus app and keeping it updated
- Avoiding installing Android apps from third-party websites or unreliable sources
- Reading the permissions requested by every application before installing
- Performing regular backup of data stored in Android devices
- Protecting devices with a password
- Not viewing or sharing personal information over a public Wi-Fi network
Please watch one of the educational videos below to learn more about potential and how to protect yourself.
Fraud Prevention Videos
Simple Tips For Keeping Your Personal Information Safe
To help educate our members, we have five short videos available that address keeping your personal information secure.
Videos use Adobe Flash, download the most recent version of Adobe Flash Player.
Identity Theft Resources
Click here to learn about ways to protect your identity.
Members have received text alerts/phone calls asking them to verify their account information. HNCU will
NEVER ask you to update or verify your personal or account information through an unsolicited phone call, text
message or e-mail. Please call us at 303-451-1146 if you have any questions or have received and responded
to a text message or automated call.
809 Area Code Scam
Be cautious when responding to e-mails or phone calls from the 809, 284 or 876 area codes.
THIS IS VERY IMPORTANT INFORMATION PROVIDED TO UNITED STATES RESIDENTS BY AT&T.
Fraudsters / pranksters are getting people to call someone at these area codes by telling you that it is
information about a family member who has been ill or to tell you someone has been arrested, died, or to let
you know you have won a wonderful prize, etc.
Click here to learn more about the 809 Area Code Scam