The largest credit union in Northern Ontario was hit by a major cybersecurity incident that exposed personal information about an undisclosed number of customers, Village Media has learned.
In a prepared statement issued Monday night, Northern Credit Union confirmed that a recent “online security incident” at a third-party contractor targeted confidential client information—and that “impacted members will be receiving written notice” in the coming days.
“To date, there is no evidence that any personal information was misused as a result of this incident,” the statement reads. “Northern encourages its members to remain vigilant and report any anomalies in their financial activities to the police and Northern Credit Union.”
The financial institution says it has alerted “appropriate law enforcement authorities” and the federal privacy commissioner. The statement does not specify how many credit union members had their personal information potentially exposed.
“Northern Credit Union takes the privacy and security of its members very seriously,” said CEO Richard Adam, in his own prepared statement. “As a member-driven organization, transparency lies at the heart of our approach to doing business. We are working diligently to help maintain our members’ security by offering a credit monitoring service, and we have been taking measures to remediate this situation as quickly and effectively as possible.”
Headquartered in Sault Ste. Marie, Northern Credit Union is a full-service financial institution with branches in 21 communities, including Sudbury, Timmins, North Bay and Elliot Lake. Boasting more than 200 employees and approximately 70,000 members, the credit union manages more than $1.6-billion worth of assets. Their slogan is “True North Strong.”
The cybersecurity breach is linked to recent headlines about Celero Solutions Inc., a Calgary-based company that provides digital technology services to 115 credit unions and other financial institutions across Canada.
As first reported by CBC, Celero became aware of “unauthorized access” to its systems on June 8, prompting some credit unions in Manitoba to temporarily pause transactions out of an abundance of caution. In a statement issued on June 10, Celero said there was “no evidence of compromised member data or unauthorized access to member-facing systems.”
That soon changed.
After being alerted to the breach at Celero, Northern Credit Union says it “immediately enacted its own incident response plan, which included engaging industry-leading experts to ensure heightened security for our members and additional precautionary measures were put in place.” But on June 15, Celero issued another update—informing Northern Credit Union “that documents containing personal information of Northern’s members were likely impacted by the incident.”
“Upon learning of this situation, our cybersecurity experts worked tirelessly to conduct an internal investigation and manually review all potentially accessed information,” the credit union says in its statement. “These investigations are complex and take time, but they remain essential to gain a better understanding of the extent of the incident.”
The statement continues: “Following this investigation, Northern is continuing to take action to help protect its members, including notifying affected individuals and offering credit monitoring where applicable. Impacted members will be receiving written notice of the incident.”
Customers can also call a dedicated phone line that has been established to field questions regarding the breach: 1-844-959-0471.