Check your phone number

On November 12, we were made aware that, due to an issue with our telephone service provider, some calls made to our Member Contact Centre were redirected by an unauthorized third party to a phone number outside of SCU. In addition, the unauthorized third party gained access to SCU’s call logs for the previous 60-day period. We can confirm that our service provider fixed their error and has re-secured our phone system.

We recognize that this could cause concern for members who may want to know if they are part of the impacted phone list. We will not call or text members asking for personal information regarding this incident, but will respond to members who reach out to us at incident@scu.mb.ca or call us at 1.800.728.6440.

What this means for members 

If your phone number was listed on our impacted phone number list, here are your next steps: 

Members whose phone numbers were on the impacted list, but who have not otherwise engaged with an unauthorized third party by phone or text are not at an elevated risk as a result of the incident. This means you are not further impacted by this incident if:

1. Since November 11, you have not received a call or text from someone claiming to be an SCU employee or someone else, 
2. You received a suspicious call or text but did not share any personal information or click any links, or 
3.  You have not noticed suspicious transactions in your account.

If you answered yes to any of the questions above, or if you are unsure, email incident@scu.mb.ca, call our Member Contact Centre, or visit us in branch to discuss further.

If you’ve answered no to the questions above, please continue to be vigilant but no additional action is required at this time. Keep reading for additional measures you can take to protect yourself

Personal information impacted

Initially, we reported that it was member name, phone number, and call dates that had been accessed. Upon further investigation, we have since learned that whether you called SCU during the impacted period or were affected by the call log leak, the only information the unauthorized party has accessed is your Caller ID Name, the phone number you called from, and call dates. 

A note on Caller ID Name: In many cases, the Caller ID Name is typically set up by your telephone provider. If you need assistance confirming your Caller ID Name, please contact your service provider directly. Some examples of Caller ID Names are:

• Full name 
• J Smith
• Smith, J
• Winnipeg, MB
• Unknown

Actions we've taken

We quickly mobilized an incident task force to take immediate action to protect our members, which included implementing an enhanced monitoring and member verification process to mitigate the risk. 

We created this website resource page so members could understand whether they were impacted, and what steps they needed to take next. 

We have now concluded our investigation with our service provider and have engaged with all necessary regulatory bodies and law enforcement agencies on this matter. 

SCU will never:  

• Ask for your digital banking passwords or debit card number
• Send you an email while on the phone and ask you to click the link
• Ask you to read back a verification number that you’ve been texted
• Ask you to send money through Interac e-Transfer^® 

Additional measures you can take

• Considerations to secure your digital banking: If you use digital banking, set up auto-deposit for Interac e-Transfer® as this significantly reduces the risk of transfers being intercepted. 

We also recommend that you set up alerts on your digital banking, which will keep you informed of account activity.

If you need help with either of these steps, please visit our digital banking tutorial section on our website: scu.mb.ca/tutorials.

• Arm yourself with knowledge: We offer a wealth of resources and information on our website about how to protect yourself from fraud. Visit our fraud prevention centre at scu.mb.ca/fraud to learn more.