What happened

On November 12, we were made aware that, due to an issue with our telephone service provider, some calls made to our Member Contact Centre were redirected by an unauthorized third party to a phone number outside of SCU. We can confirm that our service provider fixed their error and has re-secured our phone system.

What this means for members 

If you called SCU between November 11 at 10:18 AM through November 12 at 10:15 AM:

• You may be at higher risk for fraud if you spoke with someone during this call and shared additional personal information. If so, please contact us by visiting a branch or emailing us at incident@scu.mb.ca so we can support you with next steps. Please only share your first name, phone number you believe you called SCU from, and the estimated call date.

If you called SCU between September 11 and November 12 and, if after November 11, you have received a call from someone claiming to be an SCU employee: 

• You may be at higher risk for fraud if you spoke with someone during this call and shared additional personal information. If so, please contact us by visiting a branch or emailing us at incident@scu.mb.ca so we can support you with next steps. Please only share your first name, phone number you believe you called SCU from, and the estimated call date.
• If you did not receive a call from someone claiming to be an SCU employee since November 11, or if you received a call but did not provide personal information during the call, you are not impacted; however, it’s important to remain vigilant.

If you have not called the SCU Member Contact Centre since September 11, you are likely not impacted by this incident. However, our investigation is ongoing—should we discover additional information, we are committed to sharing it with our members as quickly as possible. 

Personal information impacted

Initially, we reported that it was member name, phone number, and call dates that had been accessed. Upon further investigation, we have since learned that whether you called SCU during the impacted period or were affected by the call log leak, the only information the unauthorized party has accessed is your Caller ID Name, the phone number you called from, and call dates. 

A note on Caller ID Name: In many cases, the Caller ID Name is typically set up by your telephone provider. If you need assistance confirming your Caller ID Name, please contact your service provider directly. Some examples of Caller ID Names are:

• Full name 
• J Smith
• Smith, J
• Winnipeg, MB
• Unknown

Here’s what we’re doing

We quickly mobilized an incident task force to take immediate action to protect our members, which included implementing an enhanced monitoring and member verification process to mitigate the risk. 

We have created this website resource page where we will share the latest updates on what’s happening, what we’re doing, and what you can do to protect yourself. We encourage you to visit and bookmark this page so you can stay up-to-date. 

We continue to investigate with our service provider and have engaged with all necessary regulatory bodies and law enforcement agencies on this matter. 

SCU will never:  

• Ask for your digital banking passwords or debit card number
• Send you an email while on the phone and ask you to click the link
• Ask you to read back a verification number that you’ve been texted
• Ask you to send money through Interac e-Transfer^® 

Here's what you can do

It’s an unfortunate reality that fraud continues to escalate in both sophistication and frequency. It’s imperative that you remain vigilant and take steps to protect yourself from fraud. Visit the Fraud Prevention Centre on our website for additional resources and ways you can protect yourself.