Good Neighbors FCU Data Breach Affects 18,621 Members

Published
May 2, 2025
Updated
May 12, 2025
Good Neighbors FCU Data Breach Affects 18,621 Members
Good Neighbor Federal Credit Union
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Good Neighbor Federal Credit Union

data breach?

Join the Lawsuit

It's free to join. 

On April 4, 2025, Good Neighbor Federal Credit Union discovered a significant data breach affecting 18,621 individuals across the United States. The breach involved a ransomware attack by a group known as Akira, who claimed responsibility for infiltrating the credit union’s systems and stealing sensitive data.

The attackers later posted about the breach on the dark web on December 24, 2024, stating they had obtained internal financial information, customer and employee contact details, Social Security numbers, HR documents, family information, non-disclosure agreements, driver’s license data, and more.

The compromised information includes personally identifiable information (PII) such as Social Security numbers, driver’s license numbers, financial account details, bank account numbers, credit and debit card numbers, as well as protected health information (PHI) like medical and health insurance information.

The breach affected individuals in several states, including 2 in Maine and 7 in Massachusetts. The credit union notified consumers in writing on May 1, 2025.

Good Neighbor Federal Credit Union's response

After detecting the breach, Good Neighbor Federal Credit Union promptly notified affected individuals and relevant authorities. Written notices were sent to consumers beginning May 1, 2025, outlining the types of information compromised and providing guidance on protective measures. The credit union also posted a detailed breach notice on its official website.

Given the nature of the attack—ransomware deployed by the Akira group—affected individuals are strongly urged to take immediate steps to protect themselves. This includes monitoring financial accounts for unauthorized activity, placing fraud alerts or credit freezes with major credit bureaus, and being vigilant for phishing attempts or suspicious communications. Because both PII and PHI were exposed, individuals should also monitor their health insurance statements and medical records for signs of misuse.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Consumers Notification date
May 01, 2025
Date of Breach
Breach Discovered Date
April 04, 2025
Total People Affected
18621
Information Types Exposed
  • social security numbers
  • Financial Account
  • driver’s license number
  • financial information
  • bank account numbers
  • credit card or debit card numbers
  • medical information and health insurance information
  • information_types missing
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image