The personal data of about 15,000 members of a credit union has been stolen in a “cyber-attack”. Sheffield Credit Union (SCU) said information including names, addresses, national insurance numbers and bank details had been accessed.
The attack happened in February 2018 but only came to light recently after hackers threatened to publish the data unless a ransom was paid.
South Yorkshire Police said it was working with SCU and Action Fraud.
The credit union said the breach may leave members open to attempts to defraud them.
In a letter to its members, SCU said: "We are writing to all of our members to inform them that Sheffield Credit Union was the victim of a 'cyber-crime' incident, which is believed to have taken place on 14th February 2018 but only recently came to light.
"This incident may expose you to text messaging, cold calling and attempts to defraud." It said that since the theft it had "reviewed and increased" its security and details of the attack had been passed to the relevant authorities, including police and Information Commissioners Office (ICO).
Fiona Greaves, chairwoman of SCU, said it was believed hackers accessed the data using a so-called "brute-force" attack, where they bombard computer systems with different password combinations in the hope of effectively guessing the correct one through trial and error. She said: "We are taking it extremely seriously.
"Members do not need to worry that the loss of the data is going to mean wholesale fraud, we are warning people that it has happened and that they need to be aware that potentially someone could have got hold of their information."
SCU has advised its members to monitor their bank and credit report for any unusual activity.
An ICO spokesperson said: "We are aware of an incident in relation to Sheffield Credit Union and we are making enquiries."