- Connex Credit Union confirms the suffering of violation of important data
- The data of stolen customers, and the attackers have not been identified
- Users are warned to be careful with suspicious incoming emails
The cooperative cooperative Cooperative Connex Credit Union has revealed that it suffered a cyber attack in which it lost confidential data about around 172,000 clients.
The company confirmed the news in a new presentation before the office of the MAINE attorney general, as well as through data violation notification letters that sent the affected persons.
In the letter, the company said it experienced an “unusual activity” on its network on June 3, 2025, and after an investigation concluded that an unauthorized third party stole sensitive files the previous day. After almost a month of investigation, Connex determined that the threat actors stole the names of the people, the account numbers, the information on the debit card, the Social Security numbers (SSN) and other identification information of the government necessary to open the account of an individual with the company.
Change strategies
“Connex has no reason to believe that the incident involved unauthorized access to accounts or funds from the members,” he said in the letter.
Then, the letter continues than usual: that the company is further strengthening its cybersecurity position, and that it is offering 12 months of free credit and identity robbery protection services. Cyberscout chose as a service provider in this case.
Connex Credit Union is a well -established financial cooperative, owned by a member based in Connecticut. It is one of the largest credit cooperatives in Connecticut, with more than 70,000 members and more than $ 1 billion in assets.
At the same time, it is said that a law firm from San Francisco, Schubert Jonckheer & Kolbe, is investigating this data violation under the suspicion that the company took too long to notify its clients about the incident.
In a press release, the law firm said that the violation occurred in June 2025, but Connex “did not begin to notify the affected persons until or around August 7, 2025, which may have violated state and federal laws.”
In the state of Connecticut, the deadline for notification is “without reasonable delay, but no later than 60 days after the discovery of violation.” That is, unless the federal law requires a shorter time.
How to stay safe
There are numerous ways in which cybercriminals can abuse stolen files.
They can create accounts with different financial and government institutions, executing electronic fraud and tax evasion schemes.
They can also participate in spear phishing attacks to deploy malware, or even ransomware, against victims.
To stay safe, users must be careful when opening unplayed communications and should closely monitor their bank extracts.
Through Bleepingcomputer
