Over 170,000 people impacted in Connex Credit Union data breach

Connex Credit Union said it suffered a serious data security incident in June that compromised the sensitive personal information of more than 170,000 customers.

 

Headquartered in North Haven, Connecticut, Connex is one of the state’s largest credit unions. It specialises in banking, insurance, and credit card services and caters to customers across eight branches throughout the greater New Haven area, including New Haven, Hartford, Middlesex, and Fairfield counties.

 

In a data security incident notice filed with the Office of Maine Attorney General, Connex said that on  June 3, it detected suspicious activity within its internal network. The financial organisation immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“We learned that some of our files had been accessed or downloaded without authorisation between June 2 and 3, 2025. We then worked to determine whose information was potentially involved in the incident and, on July 27, 2025, completed our review and learned that some of your personal information may have been involved in the incident,” Connex said.

 

The compromised data included names, account numbers, Social Security numbers, and other government IDs. Connex said in its filing with the Maine state regulator that at least 172,000 individuals were impacted by the incident.

 

“As soon as Connex discovered the incident, we took the steps described above and implemented measures to enhance network security and minimise the risk of a similar incident occurring in the future. We also notified the National Credit Union Administration and federal law enforcement and will provide whatever cooperation may be necessary to hold the perpetrators accountable,” the credit union added.

 

Connex has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. It has also offered complimentary identity protection and credit monitoring services through CyberScout to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the ransomware attack on Connex. The credit union also did not share details on who was behind the cyber attack, how much data was compromised, or whether it has received a ransom demand.