The Baxter Credit Union (BCU), headquartered in Deerfield, Ill., reported that on October 11 it learned an employee email account had been compromised and used to send spam and other unsolicited emails.
BCU said the account has been terminated and an investigation indicated that no data was compromised during the period when the account was being used as a spam bot. However, the email account itself did contain certain personal information, including names, Social Security numbers, bank and credit card account numbers and driver's license numbers.
“It is important to note that we have no reason to believe that the intent of the compromise was anything other than sending the unsolicited email, and have no evidence to suggest that anyone's information has been or will be misused, said BCU CEO Michael Valentine, in a letter to customers.
To err on the side of caution BCU has contacted those people potentially affected asking them to check their accounts for fraud or other suspicious activity.