172,000 Members’ Data Exposed in Connex Credit Union Breach
▼ Summary
– A cyber-attack on Connex Credit Union compromised personal and financial data of 172,000 individuals, with the breach occurring between June 2-3, 2025.
– The stolen data includes names, account numbers, debit card details, Social Security numbers, and government-issued IDs, but no unauthorized account access has been confirmed.
– Connex, a major Connecticut credit union with over $1bn in assets, is offering 12 months of free credit monitoring and identity protection to affected individuals.
– No ransomware demands or claims by cybercriminal groups have been reported, and the breach does not appear linked to other recent large-scale attacks.
– Connex is collaborating with law enforcement and cybersecurity experts to investigate the breach and has warned members about scam calls impersonating employees.
A major data breach at Connex Credit Union has exposed sensitive information belonging to 172,000 members, marking one of the most significant financial sector security incidents this year. The Connecticut-based institution disclosed unauthorized access to its systems between June 2 and 3, 2025, with the intrusion detected within 24 hours.
Founded in 1940, Connex manages over $1 billion in assets and serves more than 70,000 members across eight branches. The compromised data potentially includes names, account numbers, debit card details, Social Security numbers, and government-issued identification documents used during account openings. While the credit union confirmed no unauthorized transactions or fund withdrawals, the exposure heightens risks of identity theft and financial fraud.
Affected members, including 467 residents of Maine, have been notified through letters filed with state authorities. Connex is providing 12 months of complimentary credit monitoring and identity theft protection to mitigate potential fallout. The breach’s origin remains under investigation, with no ransomware demands or claims of responsibility by known threat actors.
In response, the credit union warned members about fraudulent calls and texts impersonating Connex employees, emphasizing that legitimate representatives will never request PINs, passcodes, or account details. The institution has partnered with cybersecurity specialists and law enforcement to strengthen defenses and trace the attack’s entry point.
Members are advised to review account statements, enable transaction alerts, and report suspicious activity immediately. The breach underscores growing concerns about cyber threats targeting regional financial institutions, though Connex maintains its systems are now secured against similar intrusions.
While no direct financial losses have been reported, experts recommend impacted individuals freeze credit reports and remain vigilant for phishing attempts exploiting the stolen data. The incident highlights the critical need for enhanced digital safeguards as cybercriminals increasingly target smaller, community-focused financial organizations.
(Source: Info Security)
