Data Breach at Appalachian Community FCU Exposes Sensitive Member Information

Appalachian Community Federal Credit Union, based in Tennessee, disclosed that it experienced a significant data security breach last year that exposed sensitive personal information belonging to its members.

 

Appalachian Community Federal Credit Union (ACFCU) is a member-owned financial cooperative that serves communities across Northeast Tennessee, Southwest Virginia, and parts of Kentucky, providing traditional banking services such as savings and checking accounts, loans, and credit cards.

 

In a data security incident notice filed with the Office of Vermont Attorney General, ACFCU said that on October 7, it detected suspicious activity within its internal network. The financial organisation immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“As part of our investigation, we confirmed on October 10, 2025, that data was taken from our network,” ACFCU said.

 

The compromised data included names, Social Security numbers, and financial account information. 

 

“Upon experiencing the disruption, we took immediate action by disconnecting our network from the internet. We partnered with forensic specialists to perform an investigation into the event and restore our operations safely and securely. We reset user passwords and reported the incident to federal law enforcement. We are also reviewing existing security controls, policies and procedures we have  in place to remain resilient against future threats,” ACFCU added.

 

While the financial organisation found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.

 

x

 

 

The notorious Qilin ransomware group claimed responsibility for the cyber attack on ACFCU, listing it as a victim on its data leak site. The group said it had obtained 75 GB of confidential data from the financial organisation and threatened to release the entire database unless its ransom demands are met.