A data breach that occurred in late 2023 has compromised the personal and financial information of over 187,000 individuals, according to a recent notification from Fairmont Federal Credit Union. The not-for-profit financial institution, which operates nine regional branches in West Virginia, offers a range of services, including business and home mortgage loans, personal checking, and financial assistance. The credit union states that it first discovered the cybersecurity incident on January 23, 2024, and initiated a comprehensive forensic investigation.
The investigation, which concluded on August 17, 2025, revealed that hackers had maintained access to the credit union’s network for nearly a month, from September 30 to October 18, 2023. This is approximately four months before the breach was even discovered. Despite the credit union’s prompt investigation, it has taken two years for them to begin notifying customers that their personal data has been stolen. This data includes names, dates of birth, social security numbers, driver’s license numbers, and other government ID numbers.
More alarmingly, the compromised information includes sensitive financial details, such as full credit card and debit card numbers, security codes, PIN numbers, and expiration dates. Other stolen information includes IRS PINs, tax ID numbers, routing numbers, and full access credentials. While the extent of the compromised data is significant, Fairmont Federal Credit Union says that, as of now, it’s not aware of any instances of identity theft or financial fraud directly resulting from the incident.
The credit union has provided written notices to the 187,038 affected individuals. As a gesture of good faith and to mitigate potential harm, they are offering impacted individuals either 12 or 24 months of free identity theft protection and credit monitoring services. These services should provide a layer of security for those whose sensitive data was exposed in the breach.
Although the credit union has not identified the perpetrators of the data breach, the timeline suggests a possible link to the Black Basta ransomware group. The credit union discovered the incident on the same day that the notorious ransomware gang added it to its leak site. Black Basta, which has targeted over 500 victims globally and received more than $100 million in ransom payments, has been inactive since January 2025, making this a complex and ongoing situation for those affected.
Reference:
