MetroWest Community Federal Credit Union Data Breach Impacts 7,573

On Sept. 1, 2025, MetroWest Community Federal Credit Union began receiving alerts about suspicious activity on certain systems within its network. It was determined that on Sept. 3, 2025, an unauthorized party had accessed specific systems and copied files without permission, exposing personally identifiable information (PII) of at least 7,573 residents in Massachusetts and 65 in Rhode Island.

The cybercriminal group known as Akira claimed responsibility for the attack, which they executed using ransomware and later publicized on the Tor network on Oct. 25, 2025.

This breach is significant in both scope and severity. The compromised data includes a wide range of personally identifiable information (PII): names, addresses, telephone numbers, Social Security numbers, full financial account numbers, debit card numbers and driver’s license numbers. The attackers also claimed to have obtained client documents such as driver’s licenses, birth and death certificates, financial and accounting records, court case information and employee personal files.

The Akira ransomware group’s method involved both data theft and system encryption, a tactic that increases pressure on organizations to pay a ransom. The incident was reported to law enforcement, including the Federal Bureau of Investigation.

MetroWest Community Federal Credit Union disclosed the data breach to the Massachusetts Attorney General's office on Dec. 29, 2025. Impacted individuals have been notified by mail.

MetroWest Community Federal Credit Union's response

MetroWest Community Federal Credit Union responded to the breach by immediately securing its systems and engaging cybersecurity experts to investigate the incident. The credit union is working with law enforcement and continues to review the affected data to determine the full scope of the breach. To support those impacted, MetroWest is offering complimentary access to Experian IdentityWorks for 24 months.

If you receive notification from MetroWest Community Federal Credit Union about this breach, you may want to:

• Sign up for the free Experian IdentityWorks identity theft protection services, offered by MetroWest Community Federal Credit Union.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For affected individuals with questions, MetroWest Community Federal Credit Union has set up a call center at 833-918-1100, Monday through Friday, 8 a.m. to 8 p.m. CT.