Connex Credit Union Data Breach Affects 172,000 Members

Connex Credit Union breach exposes data of 172000 members, legal probe launched, experts urge victims to monitor accounts for fraud and identity theft.

A significant data breach at Connex Credit Union has affected the personal information of 172,000 members. The credit union, one of Connecticut’s largest, discovered that an unauthorized party had accessed and downloaded sensitive files from its systems on June 2, 2025.

According to the breach notification filed with the Office of the Maine Attorney General, the breach was officially discovered on July 27, 2025, even though the credit union had found the initial access on June 3. The company then began notifying affected individuals on or around August 7, 2025.

“It does seem longish that the credit union waited over a month to notify impacted victims,” said Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. “Maybe it took them two weeks to figure out who exactly was impacted, but it sounds like they identified who was personally impacted and then still waited another two weeks to notify the victims.” “That’s two weeks that hackers and scammers could have been using the stolen information to better leverage spear phishing attacks against selected victims,” he argued.

This delay is now under investigation by the law firm Schubert Jonckheer & Kolbe LLP, which is looking into whether the delay might have violated state and federal laws.

****What Information Was Taken?****

The stolen data, which was part of an “External system breach (hacking),” includes a combination of highly sensitive personal and financial details. Hackers may have compromised members’ names, account numbers, debit card information, Social Security numbers, and other government IDs. This kind of information puts members at a high risk for identity theft and other privacy violations. According to the breach notification, 467 of the affected individuals are residents of Maine.

In response to the incident, Connex Credit Union has posted a scam alert on its website. The alert warns members to be careful of people pretending to be credit union employees in phone calls or texts, as scammers may be trying to use the stolen data to gain access to accounts.

The credit union has stated that they will never ask for PINs, passcodes, or account numbers over the phone. The breach notification was submitted on behalf of the credit union by attorney Aubrey Weaver from the firm Constangy, Brooks, Smith & Prophete, LLP.

Screenshot credit: Hackread.com)

****Potential Legal Consequences****

The legal firm Schubert Jonckheer & Kolbe LLP has announced it is investigating the data breach on behalf of customers. They believe that those whose information was compromised may be entitled to financial compensation and a requirement for the credit union to improve its cybersecurity practices. The firm specializes in class-action lawsuits against companies that fail to protect customer data.

Paul Bischoff, Consumer Privacy Advocate at Comparitech, states that to stay protected, “data breach victims should take advantage of the free credit monitoring offered by Connex to protect themselves from fraud and identity theft. Don’t get complacent because there’s “no evidence” of misuse. Connex doesn’t have the means to verify if your personal information is being abused. Assume the worst and keep a close eye on your accounts.”

The breach at Connex Credit Union is part of a growing trend of cyberattacks targeting financial institutions. For example, a number of breaches at high-profile companies, including Allianz Life, have been linked to a group called ShinyHunters. Another group, Scattered Spider, uses similar social engineering tactics to target a wide range of industries.