Gain Federal Credit Union Data Breach Exposes SSNs and Other PII

On Oct. 20, 2025, Gain Federal Credit Union, a longstanding financial institution based in Burbank, Calif., experienced a data breach involving unauthorized access to a single employee’s email account.

The breach was discovered after the credit union detected unusual activity in the account. Action was taken to interrupt access, and a forensic investigation was launched with the support of legal and cybersecurity experts.

The breach potentially exposed sensitive personal and financial information, including names, addresses, account numbers, financial and loan information, driver’s license numbers and Social Security numbers.

Starting on Feb. 4, 2026, the incident was disclosed to the California Attorney General, the Indiana Attorney General, the Massachusetts Office of Consumer Affairs and Business Regulation, and the New Hampshire Attorney General.

The total number of individuals affected from this breach are 10,411. Current reports confirm that eleven Massachusetts residents, eight Indiana residents, and two New Hampshire residents were impacted.

Gain Federal Credit Union’s response

Upon discovering the breach, Gain Federal Credit Union secured the compromised email account and began a thorough investigation with the help of independent third-party forensic specialists. The credit union also notified law enforcement and relevant authorities as required by law.

Gain Federal Credit Union has directly notified affected members and provided them with detailed guidance on monitoring their credit and protecting their identities.

For those impacted, the credit union has partnered with IDX, a data breach response provider, to offer support and answer questions. Affected individuals are encouraged to contact IDX at 1-888-201-2057, Monday through Friday, 6 a.m. to 6 p.m. Pacific Time, for assistance.

Additionally, Gain Federal Credit Union has offered to issue new account numbers upon request and recommends that members review their account statements and credit reports for suspicious activity.

To further protect themselves, impacted individuals should consider placing fraud alerts or security freezes with the major credit bureaus. The breach notice includes contact information for Equifax, Experian and TransUnion, as well as resources from the Federal Trade Commission and state consumer protection agencies.