Fairmont Federal Credit Union (FFCU) has notified more than 187,000 individuals about a major data breach that occurred nearly two years ago, exposing a wide array of sensitive information including PINs, financial data, and healthcare records.
Breach Timeline and Investigation
FFCU stated that it first discovered the incident in late January 2024, but further investigation revealed that attackers had infiltrated its systems months earlier. The unauthorized access lasted from September 30, 2023, through October 18, 2023, giving threat actors weeks to explore FFCU’s network.
The credit union engaged outside cybersecurity experts to help determine the scale of the compromise.
“As part of the investigation, FFCU engaged external cybersecurity professionals who regularly investigate and analyze these types of situations to help determine the extent of any compromise of the information on the FFCU network and conducted a manual review,” the company explained in its breach notification.
Despite the investigation, FFCU did not determine the exact nature of the compromised data until August 2025 — almost two years after the breach occurred.
Scope of Compromised Data
The stolen data spans a massive range of personal, financial, and health-related information. According to the breach notice, the exposed details include:
- Full names, dates of birth, home addresses
- Social Security numbers, U.S. Alien registration numbers, passport numbers
- Driver’s license and state ID numbers, military ID numbers, tax ID numbers, non-U.S. national ID numbers
- Bank account numbers, routing numbers, financial institution names
- Credit card and debit card numbers, security codes, PINs, and expiration dates
- IRS-issued PIN numbers
- Medical data such as treatment information, diagnosis, prescription details, provider names
- Medical record numbers, Medicare and Medicaid numbers, health insurance policy and subscriber numbers
- Treatment cost information
- Full login credentials, security questions and answers
- Digital signatures
FFCU clarified that not all impacted individuals had every data element exposed, but the sheer breadth of the stolen data indicates that attackers gained deep access to the credit union’s systems and files.
Risk of Identity Theft and Financial Fraud
The range of information accessed could enable a variety of malicious activities, from identity theft to payment card fraud and targeted phishing campaigns. Criminals could use victims’ card details to make unauthorized purchases or exploit health insurance data to obtain prescription medication.
What makes the situation even more severe is that medical history cannot simply be replaced like a credit card. This means affected individuals face a long-term risk of medical identity theft, with the possibility of fraudulent medical claims or misuse of treatment records impacting them for years.
Response and Attribution
In its notice, FFCU said it has no evidence so far that the stolen data has been used for fraud or identity theft. The credit union is offering complimentary identity theft prevention and credit monitoring services to those affected.
While FFCU has not officially disclosed the nature of the attack, threat intelligence from the monitoring service Ransomware Live suggests that the now-defunct ransomware group BlackBasta was behind the incident. The reported attack date of October 18, 2023, matches the date included in FFCU’s notification filing.