- Cyber Syrup
- Posts
- Fairmont Federal Credit Union Confirms Two-Year-Old Data Breach Impacting 187,000 Individuals
Fairmont Federal Credit Union Confirms Two-Year-Old Data Breach Impacting 187,000 Individuals
Fairmont Federal Credit Union (FFCU), has disclosed that over 187,000 individuals had their personal and financial information stolen in a cybersecurity breach
In partnership with
CYBER SYRUP
Delivering the sweetest insights on cybersecurity.
The Gold standard for AI news
AI keeps coming up at work, but you still don't get it?
That's exactly why 1M+ professionals working at Google, Meta, and OpenAI read Superhuman AI daily.
Here's what you get:
Daily AI news that matters for your career - Filtered from 1000s of sources so you know what affects your industry.
Step-by-step tutorials you can use immediately - Real prompts and workflows that solve actual business problems.
New AI tools tested and reviewed - We try everything to deliver tools that drive real results.
All in just 3 minutes a day
Fairmont Federal Credit Union Confirms Two-Year-Old Data Breach Impacting 187,000 Individuals
Fairmont Federal Credit Union (FFCU), a not-for-profit financial organization serving communities in West Virginia, has disclosed that over 187,000 individuals had their personal and financial information stolen in a cybersecurity breach. The organization provides a wide range of financial services, including business loans, mortgages, personal banking, and financial aid programs, operating nine branches across the state.
Timeline of Discovery
The breach itself occurred between September 30 and October 18, 2023, but was not detected until January 23, 2024. Upon discovery, FFCU launched a forensic investigation to assess the scope and impact of the compromise. The investigation concluded on August 17, 2025, revealing the scale of the data theft and confirming that sensitive files had been exfiltrated from the network.
Information Compromised
The exposed data is extensive and includes:
Personally Identifiable Information (PII): Names, dates of birth, Social Security numbers, driver’s license and government-issued ID numbers.
Financial Details: Full credit and debit card numbers, security codes, PINs, expiration dates, routing numbers, tax ID numbers, and IRS PINs.
Access Credentials: Full login details to accounts.
Health Information: Medical and health insurance data.
The combination of financial, identification, and medical data creates a high risk of identity theft and fraud for affected individuals.
Notification and Response
FFCU began notifying 187,038 individuals in late August 2025, filing breach notifications with the Maine Attorney General’s Office and providing affected parties with 12 to 24 months of free identity theft protection and credit monitoring services.
Despite the scale of the compromise, FFCU stated:
“To date, FFCU is not aware of any incidents of identity theft or financial fraud as a result of the incident.”
Possible Link to Ransomware Group
Though the organization has not attributed responsibility, the incident’s timing aligns with activity from the Black Basta ransomware group. On the same day the breach was discovered, Black Basta reportedly added FFCU to its Tor-based leak site.
Black Basta has been one of the most prolific ransomware operations globally, linked to over 500 victims and responsible for more than $100 million in ransom payments before its apparent inactivity since January 2025.
Broader Implications
This breach underscores the dangers of delayed discovery in cybersecurity incidents. The fact that attackers maintained access for weeks in 2023 — and that the breach’s full scope was only confirmed nearly two years later — highlights the importance of:
Continuous monitoring of networks.
Swift detection and response strategies.
Transparency with customers and regulators.
Financial institutions remain a prime target for ransomware and data theft campaigns due to the high value of financial and identity data, making proactive defenses critical.