Connected Credit Union Data Breach Exposes Member Information

Connected Credit Union, a federally insured credit union based in Augusta and Winslow, Maine, recently disclosed a data breach that exposed personal and financial information belonging to some of its members.

Connected Credit Union observed suspicious activity involving an employee email account. Upon identifying the situation, the credit union secured the compromised account, initiated an internal investigation and engaged an outside cybersecurity company to conduct a forensic investigation into the incident.

The forensic investigation determined that, as part of a phishing scheme, an unauthorized individual had gained access to certain emails contained within the employee's email account. The unauthorized access exposed personal information that had been included in those email communications.

On March 3, 2026, after completing its review of the contents of the affected emails, the credit union confirmed that the messages contained personal information belonging to some consumers.

The categories of personal information involved in the breach included names, Social Security numbers, credit and debit card numbers, financial account numbers and financial account security codes.

The breach was disclosed to the attorneys general of Massachusetts and Vermont. The total number of individuals affected across the United States has not been publicly disclosed.

Connected Credit Union's response to the breach

The credit union is providing all affected individuals with a complimentary 24-month membership to Experian IdentityWorks Credit 3B. This identity protection service actively monitors credit files at all three major credit reporting agencies (Experian, Equifax and TransUnion) for indicators of possible fraud.

The membership provides up to $1 million in identity theft insurance, which covers certain costs and unauthorized electronic fund transfers.

Affected individuals can enroll online at the Experian IdentityWorks website using the activation code included in their notification letter. Those who prefer to enroll by phone or who need help with identity restoration can call Experian's customer care team at 877-288-8057.

Consumers with questions about the breach can contact Connected Credit Union directly at 207-623-3857.

Steps to take if your information was exposed

• Place a credit freeze on credit reports through Equifax, Experian and TransUnion to help prevent new accounts from being opened using stolen personal or financial information.
• Consider placing a fraud alert by contacting any one of the three major credit bureaus (Equifax, Experian or TransUnion), which will notify the other two bureaus automatically.
• Request free credit reports at AnnualCreditReport.com or by mailing a printed request form, and review them carefully for unfamiliar accounts, inquiries or addresses.
• Monitor bank and credit card statements closely for unauthorized transactions, and contact financial institutions right away if any suspicious activity appears.
• Be cautious of phishing attempts that reference Connected Credit Union or this data breach by name, as criminals may use breach notifications as a cover for additional scams.
• Report suspected identity theft to the FTC at ftc.gov/idtheft or by calling 1-877-438-4338, and District of Columbia residents may also contact the Office of the Attorney General for additional identity theft resources.