Nearly 70,000 people impacted in Carter Credit Union data breach

Carter Credit Union said it suffered a serious data security incident in July that compromised the sensitive personal information of nearly 70,000 customers.

 

Springhill, Louisiana-based Carter Federal Credit Union provides various services like loans, deposit accounts, and online banking to communities in and around the state. It functions as a member-owned organisation rather than a traditional for-profit bank.

 

In a data security incident notice filed with the Office of Maine Attorney General, Carter said that on  July 2, it detected suspicious activity within its internal network. The financial organisation immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“The forensic investigation recently concluded and determined that the unauthorised third party accessed certain files on our network between June 25, 2025 and July 2, 2025,” Carter said.

 

The compromised data included names, dates of birth, Social Security numbers, driver’s license/state identification numbers, passport numbers, credit/debit card numbers, financial account numbers, financial account history, retirement/401(k) benefits information, limited medical treatment/diagnosis information, and health insurance information.

 

The filing with the Maine state regulator also states that Carter has identified at least 68,934 individuals impacted by the incident.

 

While the financial organisation found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Experian IdentityWorks to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Carter. The financial company also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.