Carter Federal Credit Union Breach Affects 69K People: SSNs Exposed

Published

August 31, 2025

Updated

August 31, 2025

Carter Federal Credit Union

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info

Between June 25 and July 2, 2025, Carter Federal Credit Union experienced a major data breach when an unauthorized third party gained temporary access to the credit union’s network. The intrusion was discovered on July 2, 2025, prompting immediate containment and investigation efforts.

According to the disclosures filed with both the Maine Attorney General’s office and the California Attorney General’s office, a total of 68,934 individuals in the United States were affected, including 59 Maine residents.

The breach involved unauthorized access to files containing an array of sensitive personal information. The exposed data included names, Social Security numbers, dates of birth, driver’s license or state identification numbers, credit and debit card numbers, financial account numbers, financial account history, passport numbers, retirement and 401(k) benefits information, health insurance information, and limited medical treatment or diagnosis details.

The forensic investigation, conducted with the assistance of a leading security firm, confirmed that the attacker accessed certain files. Carter Federal Credit Union notified affected individuals in writing on Aug. 29, 2025, and posted a public notice on their website.

Carter Federal Credit Union's response

For those affected, Carter Federal Credit Union is offering a complimentary one-year membership to Experian IdentityWorks Credit 3B. This service includes credit monitoring across all three major credit bureaus, identity restoration support, and up to $1 million in identity theft insurance. Affected individuals are encouraged to enroll in this program to monitor for any potential misuse of their information. Instructions for enrollment and additional guidance are included in the written notice sent to impacted members.

Given the nature of the compromised data, it is highly recommended that affected individuals remain vigilant by regularly reviewing account statements and credit reports. Placing a fraud alert or credit freeze with the major credit bureaus can provide additional protection. The notice also provides resources for reporting suspected identity theft to law enforcement and the Federal Trade Commission.

Protect Your Data

A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.

This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.