Appalachian Community Federal Ransomware Exposes Social Security Numbers

Tennessee-based Appalachian Community Federal Credit Union disclosed a data breach affecting the personal information of its members. The breach was first discovered on Oct. 7, 2025, when the credit union detected a disruption to its computer systems. In response, the organization took its network offline and engaged forensic specialists to investigate the incident.

The investigation revealed that on Oct. 10, 2025, sensitive data had been exfiltrated from the network. The review of compromised files concluded on Dec. 1, 2025, confirming that files containing members’ names, Social Security numbers and financial account information had been taken.

The breach was reported to the Massachusetts Attorney General on Dec. 31, 2025, disclosing at least four individuals in Massachusetts were affected, though the total number of impacted members is likely be higher across other regions.

The severity of this incident is underscored by the fact that the Qilin ransomware group publicly claimed responsibility, announcing on Nov. 18, 2025, that they had published 75 GB of the organization’s data on the dark web.

Appalachian Community Federal Credit Union's response

For affected members, the credit union is offering complimentary access to single bureau credit monitoring, credit report and credit score services through Cyberscout, a TransUnion company. These services include alerts for changes to credit files and proactive fraud assistance. Impacted individuals are encouraged to enroll in these services within 90 days of receiving notification.

Given the nature of the breach and the involvement of a ransomware group, individuals should remain vigilant for signs of identity theft or fraud. It is recommended to monitor account statements and credit reports, place fraud alerts or credit freezes with major credit bureaus and report any suspicious activity to the credit union, financial institutions or law enforcement. Additional resources and step-by-step guidance are available in the official consumer notice, which is linked at the bottom of this article.