- Connex Credit Union Confirm the violation of major data
- Stolen client data and attackers have not been identified
- Users are warned to be wary of suspect emails
The Connex Credit Union financial cooperative revealed that it had undergone a cyber attack in which it lost sensitive data on around 172,000 customers.
The company confirmed the news in a new file to the Maine Prosecutor General’s Office, as well as via letters of notification of violation of the data sent to affected persons.
In the letter, the company said it has undergone an “unusual activity” on its network on June 3, 2025, and after a survey concluded that an unauthorized third party stole sensitive files the day before. After almost a month of investigation, Connex determined that the threat stakeholders stolen the names of the people, the account numbers, the information on debit cards, the social security numbers (SSN) and other government identification information necessary to open the account of an individual with the company.
Changing strategies
“Connex has no reason to believe that the incident involved unauthorized access to account or fund funds,” he was in the letter.
The letter then continues to say the habit – that the company further strengthens its cybersecurity posture and that it offers 12 months of free flight and identity protection services. He chose Cyberscout as a service provider in this case.
Connex Credit Union is a well -established financial cooperative belonging to the members based in Connecticut. It is one of the largest credit cooperatives in Connecticut, with more than 70,000 members and more than a billion dollars in assets.
At the same time, a law firm from San Francisco – Schubert Jonckheer & Kolbe, would investigate this data violation under the suspicions that the company took too long to inform its customers of the incident.
In a press release, the law firm declared that the violation had taken place in June 2025, but that Connex “started to inform the people affected before August 7, 2025, which may have raped state and federal laws”.
In the state of the Connecticut, the deadline for notification is “without reasonable delay, but no later than 60 days after the discovery of the violation”. In other words, unless the shorter time is required by federal law.
How to stay safe
There are many ways in which cybercriminals can abuse stolen files.
They can create accounts with various financial and government institutions, managing wire fraud and tax evasion systems.
They can also get involved in spear-on-pile attacks to deploy malware, even ransomware, against victims.
To stay safe, users must be careful when opening unlined communications and must keep an attentive eye on their bank statements.
Via Bleeping Compompute
