Connex Credit Union Data Breach Affects 172K Members
▼ Summary
– Connex Credit Union suffered a data breach in early June 2025, exposing personal and financial information of tens of thousands of members.
– The breach involved unauthorized access to files between June 2-3, 2025, compromising data like names, account numbers, Social Security numbers, and government IDs.
– Connex has not found evidence of stolen funds but warns members of phishing scams impersonating its employees.
– The breach follows a pattern of attacks linked to groups like ShinyHunters, targeting companies such as Allianz Life, Adidas, and Google.
– Scattered Spider, another hacker group, has recently shifted focus to aviation and retail sectors after targeting insurance firms.
Connex Credit Union has alerted approximately 172,000 members about a cybersecurity incident that compromised sensitive personal and financial data earlier this year. The breach, detected in early June, exposed critical information including names, account details, Social Security numbers, and government-issued identification documents.
Operating since 1940, Connex serves over 70,000 members across Connecticut, with branches in New Haven, Hartford, and surrounding counties. As a member-owned nonprofit managing more than $1 billion in assets, the credit union offers a full range of financial services, from checking accounts to insurance products.
Internal investigations revealed unauthorized access to Connex’s systems between June 2 and 3. By late July, the institution confirmed the scope of the breach and began notifying impacted individuals through mailed letters and regulatory filings. While no evidence suggests fraudulent account activity so far, the stolen data could be exploited for identity theft or financial fraud.
In response, Connex has issued warnings about a surge in phishing scams where fraudsters pose as credit union representatives. These imposters attempt to trick victims into revealing PINs, passwords, or account details over calls or texts. Members are urged to verify any suspicious communication by contacting Connex directly through official channels.
This incident aligns with a broader trend of cyberattacks targeting financial institutions and major corporations. Groups like ShinyHunters and Scattered Spider have been linked to high-profile breaches, exploiting vulnerabilities in corporate networks to steal sensitive data. Recent victims span industries from insurance to luxury retail, underscoring the growing sophistication of these threats.
Connex has not disclosed whether ransomware or extortion played a role in the breach. However, the credit union is offering affected members complimentary credit monitoring and identity protection services to mitigate potential risks. Customers are advised to remain vigilant, review account statements regularly, and report any unusual activity immediately.
The breach serves as a stark reminder for organizations to strengthen cybersecurity defenses, particularly as threat actors refine their tactics. For consumers, proactive measures, such as enabling multi-factor authentication and monitoring credit reports, can help reduce exposure to fraud.
(Source: Bleeping Computer)