Fairmont Federal Credit score Union is notifying over 187,000 people that their private and monetary info was stolen in a two-year-old data breach.
A not-for-profit monetary group, Fairmont Federal Credit score Union presents companies resembling enterprise and residential mortgage loans, monetary first assist, and private checking. It operates 9 regional branches in West Virginia.
The group found the cybersecurity incident on January 23, 2024 and launched a immediate and thorough forensic investigation, concluding on August 17, 2025, that recordsdata stolen from its community contained private info.
The data breach, nevertheless, had occurred 4 months previous to discovery, with the attackers sustaining entry to the credit score union’s community between September 30 and October 18, 2023.
Now, two years after the very fact, the credit score union is notifying (PDF) its prospects that the hackers stole recordsdata containing their names, dates of start, Social Safety numbers, driver’s license numbers, authorities ID numbers, monetary info, medical and medical health insurance info, and different private information.
Extra alarming is that the stolen info incorporates full bank card/debit card particulars, together with card numbers, security codes/PIN numbers, and expiration dates. IRS PIN numbers, tax ID numbers, routing numbers, and full entry credentials have been additionally compromised within the data breach.
“So far, FFCU is just not conscious of any incidents of identification theft or monetary fraud on account of the incident,” Fairmont Federal Credit score Union says.
Late final week, the credit score union informed the Maine Lawyer Basic’s Workplace it’s offering written notices to 187,038 people affected by the data breach.
The impacted people have been supplied with 12 or 24 months of free identification theft safety and credit score monitoring companies
The credit score union didn’t say who was accountable for the data breach, however it seems that it found the incident on the identical day that the Black Basta ransomware group added it to its Tor-based leak web site.
Some of the prolific ransomware gangs, with over 500 victims worldwide and greater than $100 million obtained in ransom funds, Black Basta has been inactive since January 2025.
