Educational Employees Credit Union Data Breach Exposes SSNs

Educational Employees Credit Union, the largest locally-based credit union in California's central San Joaquin Valley, has disclosed a data breach that was discovered on Dec. 15, 2025.

The credit union reported the breach to the California Attorney General on May 29, 2026, and to attorneys general in Texas on June 1 and Massachusetts on June 2.

According to state filings, 949 Texas residents and 34 Massachusetts residents were affected by the breach.vConsumer notification letters are dated May 29, 2026, and the credit union has also posted a notice on its website.

On Dec. 15, 2025, Educational Employees Credit Union learned that an unauthorized individual gained access to one employee email account for a limited period. Upon discovering the unauthorized access, the credit union secured its email environment and launched an investigation with the assistance of outside cybersecurity professionals experienced in handling these types of incidents.

The investigation determined that certain emails within the compromised account may have been accessed or removed by the unauthorized individual on Dec. 15, 2025. Following the investigation, the credit union began a thorough review of the contents of the impacted email account to identify what personal information the emails contained.

On May 8, 2026, nearly five months after the initial incident, the review confirmed that the unauthorized actor may have accessed or acquired personal information belonging to certain individuals.

According to the company's website notice, the types of information potentially exposed included names and one or more of the following: dates of birth, Social Security or tax identification numbers, driver's license or state-issued identification numbers, passport numbers, financial account or credit/debit card numbers and expiration dates or CVV/security codes.

Educational Employees Credit Union's response

The credit union is notifying affected individuals by U.S. mail with personalized letters. Each notification letter includes details about the incident and the specific types of personal information that may have been exposed for each individual recipient.

As part of its response, Educational Employees Credit Union is offering affected individuals two years of complimentary identity monitoring services through Kroll. The services include single bureau credit monitoring, which sends alerts when changes are made to an individual's credit data, such as when a new line of credit is applied for in their name. The package also includes fraud consultation with Kroll specialists and identity theft restoration, in which a licensed Kroll investigator works on behalf of victims to help resolve identity theft issues.

Affected individuals can enroll in the monitoring services by visiting Kroll's enrollment website and entering the membership number included in their notification letter. The credit union has set a deadline for enrollment, which is specified in each person's letter.

Educational Employees Credit Union has also established a dedicated and confidential call center for individuals with questions about the incident. The call center can be reached at 844-959-7084 and is available from 7 a.m. to 7 p.m. Pacific time, Monday through Friday, and from 9 a.m. to 1 p.m. on Saturdays, excluding holidays. The credit union stated in its notification that it has "taken this matter very seriously" and apologized for "any inconvenience or concern this may cause."