FAIRMONT, W.Va.—Fairmont Federal Credit Union has disclosed a sweeping data breach that compromised highly sensitive member information, Cybernews reported. The $565-million credit union said attackers first accessed its systems nearly two years ago, yet the full scope of the incident was not determined until August 2025.
According to documents FFCU filed with the Maine Attorney General’s Office, the breach affected more than 187,000 individuals. Cybernews said attackers infiltrated the credit union’s network between Sept. 30 and Oct. 18, 2023, but the intrusion wasn’t discovered until late January 2024.
FFCU said it hired external cybersecurity experts to investigate and conduct a manual review of compromised data. That review revealed the stolen information was extraordinarily broad, ranging from names, Social Security numbers, and financial account details to PINs, healthcare diagnoses, and prescription data, Cybernews reported. Not every member had all of their data exposed, but investigators said the scope of access suggested attackers had reached deep into the credit union’s systems.
Despite the breach’s magnitude, FFCU told Cybernews it has not seen evidence of identity theft or financial fraud linked to the attack. The credit union said it is offering affected members complimentary identity-theft protection services.
While FFCU did not specify what kind of attack it faced, Cybernews noted that the dark web monitoring group Ransomware Live has linked the breach to BlackBasta, a now-defunct ransomware cartel. The cartel’s reported activity coincides with the Oct. 18, 2023, end date of the intrusion listed in FFCU’s disclosure.