The credit union, which has over $1 billion in assets and serves more than 70,000 members, discovered the unauthorized access on June 3, just one day after the breach occurred. According to the data breach notification letters sent to affected members, an investigation revealed that an unknown party accessed or downloaded files between June 2 and 3, 2025. By July 27, Connex was able to identify the specific individuals whose information may have been compromised. While there is no evidence that attackers accessed member funds, the stolen data is extensive.
The stolen data includes a wide range of personal and financial information. Attackers gained access to members’ names, account numbers, debit card details, Social Security numbers, and government identification. Although the credit union has not yet found proof that these details have been used in fraudulent activity, it is taking the incident seriously. In response, Connex is displaying a scam alert on its website to warn members about potential phishing attacks.
The alert specifically cautions members about scammers impersonating Connex employees in ongoing phishing attacks, which often involve calls or texts. The credit union has advised members to be vigilant and has clarified that its employees will never ask for personal information such as PINs, passcodes, or account numbers. To prevent further fraud, Connex recommends that if a member receives a suspicious call or text, they should hang up and contact the credit union directly at a provided number.
This incident follows a recent increase in similar attacks targeting various sectors. A wave of data breaches, for example, has been linked to the ShinyHunters extortion group, which has affected major companies like Allianz Life, Adidas, and Louis Vuitton. Additionally, the Scattered Spider hacker collective has been targeting different industries, from insurance and aviation to retail. These incidents highlight the growing threat of cyberattacks across different sectors, making it crucial for organizations to enhance their cybersecurity measures.
As a member-owned, non-profit organization founded in 1940, Connex operates eight branches throughout the greater New Haven area. It provides a variety of services, including banking, insurance, and credit cards, to its large member base. The credit union’s quick action to notify members and issue warnings about ongoing scams demonstrates its commitment to protecting its members in the wake of this serious breach.
Reference: