Fairmont Federal Credit Union Data Breach in 2023 Hits Nearly 190,000 People

Fairmont Federal Credit Union said it suffered a serious data security incident in 2023 that compromised the sensitive personal information of nearly 190,000 customers.

 

Headquartered in Fairmont, West Virginia, Fairmont Federal Credit Union is a not-for-profit, member-owned financial cooperative that operates democratically, with profits returned to members through lower fees and better rates on savings and loans.

 

In a data security incident notice filed with the Office of Maine Attorney General, FFCU said that on  January 23, 2024, it detected suspicious activity within its internal network. The financial organisation immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“After an extensive investigation, we concluded on or about August 17, 2025 that one or more of the files accessed and/or acquired by the unauthorised party between September 30, 2023 and October 18, 2023,” FFCU said.

 

The compromised data included names and other personal identifiers including Social Security numbers. The filing with the Maine state regulator also states that FFCU has identified at least 187,038 individuals impacted by the incident.

 

The financial organisation has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered complimentary identity protection and credit monitoring services through Experian IdentityWorks to all affected individuals.

 

 

The BlackBasta ransomware group claimed responsibility for the cyber attack on FFCU and listed it as a victim on its data leak site. The group claimed to be in possession of confidential data stolen from the organisation and threatened to leak it unless its ransom demands were fulfilled.