Connex Credit Union confirmed a major data breach that exposed sensitive personal and financial records for about 172,000 customers. The disclosure was made in a filing with the Office of the Maine Attorney General and via notification letters to affected individuals. Attackers have not been publicly identified.
Scope Of The Connex Data Breach And Exposed Records
Connex reported that it detected “unusual activity” on its network on June 3, 2025. After an investigation, the credit union concluded that an unauthorized third party had stolen sensitive files the day before. The compromised data elements include:
- Names
- Account numbers
- Debit card information
- Social Security numbers and other government identification used to open accounts
“Connex has no reason to believe the incident involved unauthorized access to member accounts or funds.”
Connex says it investigated the activity and determined which records were taken before notifying members.
Timeline, Notification And Legal Review
Connex says the network activity was identified in early June and that the investigation took place over the following weeks. The credit union began mailing notification letters to affected customers on or around August 7, 2025.
A San Francisco law firm, Schubert Jonckheer & Kolbe, is reviewing the matter and says Connex may have delayed notification. The firm notes that the breach occurred in June 2025 but notifications began in August, which it says “may have violated state and federal laws.”
In Connecticut, authorities require breach notification “without reasonable delay, but no later than 60 days after discovery,” unless federal law requires a shorter timeframe. Connex’s filing with the Maine Attorney General documents the incident and the steps taken to notify affected individuals.
Member Risk Profile And Potential Abuse Of Stolen Data
The stolen records create multiple fraud risks. Threat actors with this information can:
- Open new accounts or lines of credit in victims’ names
- Carry out wire fraud or tax-related schemes
- Launch targeted phishing or spear-phishing campaigns to deploy malware or ransomware
Consumers and institutions should treat this as a significant credit union data breach with high identity-theft risk due to exposed Social Security numbers and debit card details.
Connex Response And Member Protections
Connex states it took steps to secure its network once the unusual activity was discovered. The credit union is offering free credit and identity protection services for affected individuals. Connex selected CyberScout as the provider for these services.
How To Stay Safe After The Breach
Connex and consumer advisors warn members to remain vigilant. Recommended actions reported as part of the breach notice include:
- Be cautious with unsolicited calls, texts, or emails asking for personal or account details.
- Monitor account and card statements closely for unfamiliar transactions.
- Watch for signs of identity theft such as unexpected bills or credit alerts.