Alabama credit union warns customers of data breach that leaked SSNs, financial info

Heritage South Credit Union in Alabama this week confirmed it notified an undisclosed number of people about a February 2025 data breach that compromised Social Security numbers and financial account info.
Ransomware gang Embargo claimed responsibility for the breach on February 14, 2025, saying it stole 300 GB of data from Heritage South. The group says it stole debit card numbers, account numbers, addresses, dates of birth, phone numbers, email addresses, account balances, debt and loan info, and insurance info. To prove its claim, it posted what it says is the personal info of Heritage South’s CEO. Embargo gave Heritage South until February 18 to pay an undisclosed amount of ransom to delete the stolen data.

Heritage South has not verified Embargo’s claim. We do not know if the credit union paid a ransom, how much Embargo demanded, or how attackers breached Heritage South’s network. Comparitech contacted Heritage South for comment and will update this article if it replies.
In a February 12, 2025 Facebook post, Heritage South said it was experiencing network issues. Another post two days later said ATMs were back up and running, but that other systems were still down.
“On February 12, 2025, we detected suspicious activity within Heritage South’s computer network,” says the credit union’s notice (PDF) to victims. “The forensic investigation determined that an unauthorized third party accessed our computer network on January 7, 2025, and then between February 6, 2025, and February 17, 2025.”
Heritage South is offering eligible victims two free years of credit monitoring and identity theft protection through Experian.
Who is Embargo?
Embargo is a relatively new ransomware gang that started claiming attacks in April 2024. The group operates a ransomware-as-a-service business in which affiliates pay Embargo to use its malware and infrastructure to launch attacks and collect ransoms.
Embargo has claimed 13 confirmed ransomware attacks since it began, plus another 10 unconfirmed attack claims that haven’t been acknowledged by the targeted organizations. The attack on Heritage South is the group’s first confirmed attack of 2025.
Embargo’s biggest attacks in 2024 were against healthcare companies:
Ransomware attacks on US finance
Ransomware attacks on US banks, credit unions, and other financial institutions can endanger clients and delay day-to-day operations until systems are restored. Attacked organizations must either pay a ransom or face extended downtime, data loss, and an increased risk of fraud for their customers.
Comparitech researchers logged two confirmed ransomware attacks on US finance companies so far in 2025. The other was against Estrella Insurance, which notified 16,379 people of a January 2025 data breach.
This week, Cross Valley Federal Credit Union began notifying 17,826 people of a data breach following an attack claimed by LeakedData in November 2024. The attack compromised names, addresses, and Social Security numbers.
We’re tracking another 60 unconfirmed attack claims on US finance in 2025 that haven’t been acknowledged by the targeted organizations.
About Heritage South Credit Union
Founded in Alabama in 1937, Heritage South Credit Union has branches in Sylacauga, Fayetteville, Childersburg, Moody, and Alexander City. It holds $160 million in assets and serves more than 14,000 members, according to its website. It was previously known as the Avondale Employees Federal Credit Union.