FRAMINGHAM, Mass. — MetroWest Community Federal Credit Union disclosed a data breach that exposed the personal information of more than 7,600 individuals in Massachusetts and Rhode Island, according to Claim Depot.
The $139.8-million credit union said it began receiving alerts about suspicious activity on certain systems on Sept. 1, 2025. An investigation later determined that an unauthorized party accessed specific systems on Sept. 3, and copied files without permission. The incident exposed personally identifiable information of at least 7,573 Massachusetts residents and 65 Rhode Island residents.
The Akira ransomware group has claimed responsibility for the attack, which involved both data theft and system encryption. The group later publicized the breach on the Tor network on Oct. 25, 2025, Claim Depot reported. The compromised data includes names, addresses, phone numbers, Social Security numbers, financial account and debit card numbers, and driver’s license information. The attackers also claimed to have obtained documents such as identification records, financial and accounting files, court-related information, and employee records.
MetroWest reported the breach to law enforcement, including the FBI, and disclosed the incident to the Massachusetts Attorney General’s office on Dec. 29. Affected individuals have been notified by mail.
In response, MetroWest said it secured its systems, engaged cybersecurity experts, and is continuing to assess the scope of the breach. The credit union is offering impacted individuals 24 months of complimentary Experian IdentityWorks credit monitoring, according to Claim Depot’s reporting.