Connex Credit Union Breach Exposes 172,000 Members’ Data

A cyber-attack has compromised the personal and financial data of 172,000 individuals, Connex Credit Union confirmed last week.

The intrusion took place between June 2 and 3 2025, and was detected on June 3. An investigation found that attackers may have accessed or downloaded sensitive files.

Founded in 1940, Connex is one of Connecticut’s largest credit unions, managing over $1bn in assets and serving more than 70,000 members across eight branches in New Haven, Hartford, Middlesex and Fairfield counties.

The stolen data may include:

• Names

• Account numbers

• Debit card details

• Social Security numbers

• Government-issued IDs used to open accounts

Connex stated it has no evidence that the breach resulted in unauthorized access to accounts or funds. Letters to affected individuals, filed with the Maine Attorney General’s Office, confirmed the scale of the incident. A total of 467 Maine residents were affected.

Read more on data breaches affecting the financial sector: Destructive Attacks on Financial Institutions Surge

No ransomware demands have been reported, and no known cybercriminal group has claimed responsibility at the time of writing. The incident does not appear tied to other recent large-scale attacks on banks and retailers.

Connex is offering 12 months of free credit monitoring and identity protection to all impacted individuals.

Following discovery of the incident, Connex also issued a warning about scam calls and text messages from individuals posing as employees.

“Please be aware that scammers are calling/texting members impersonating Connex employees,” the institution said.

“Connex will never call you and ask for PINs, passcodes or account numbers.”

The credit union is reportedly collaborating with law enforcement and cybersecurity experts to investigate how the attackers gained access and has initiated measures to enhance the security of its systems and prevent future breaches.

While there have been no confirmed financial losses, the exposure of sensitive personal data raises the risk of identity theft and fraud. Members are urged to monitor their accounts and report any suspicious activity.