- Connex Credit Union confirms the suffering of greater data violation
- Customer data stolen and attackers have not been identified
- Users are warned to be wary of suspicious e -mails
Financial Cooperative Connex Credit Union has revealed that it suffered a cyberattack where it lost sensitive data about about 172,000 customers.
The company confirmed the news in a new filing in the Maine Attorney General Office as well as through Data Breach Notification Letters, which it sent to affected persons.
In the letter, the company said it experienced “unusual activity” on its network on June 3, 2025, and after an investigation concluded that an unauthorized third party stole sensitive files the day before. After almost a month of investigation, Connex decided that the threat actors stole people’s names, account numbers, debit card information, Social Security Numbers (SSN) and other government identification information needed to open a person’s account with the company.
Changing strategies
“Connex has no reason to believe that the incident involved unauthorized access to member accounts or funds,” it was said in the letter.
The letter then continues to say the usual – that the company strengthens its cyber security position further and that it offers 12 months of free credit and identity theft -protection services. The chosen Cybscout as a service provider in this case.
Connex Credit Union is a well -established, member -owned financial cooperative with base in Connecticut. It is one of the largest credit unions in Connecticut, with more than 70,000 members and over $ 1 billion in assets.
At the same time, a San Francisco Law Firm – Schubert Jonckheer & Kolbe is said to investigate this data violation under the suspicion that the company took too long to notify its customers of the incident.
In a press release, the law firm said the violation took place in June 2025, but Connex “did not begin to notify the persons concerned before or around August 7, 2025, which may have violated state and federal laws.”
In the State Connecticut, the deadline for notification is “without a reasonable delay, but no later than 60 days after the discovery of the violation”. That is, unless the shorter time of federal law is required.
How to remain safe
There are several ways in which cyber criminals can abuse the stolen files.
They can create accounts with various economic and government institutions, operation of wire fraud and tax refund schemes.
They can also engage in spear-phishing attacks to insert malware or even ransomware against the victims.
To remain in safety, users must be careful when opening unsolicited communication and must keep an eye on their bank statements.
Via Bleeping computer
