.png)
MetroWest Community Fed. Credit Union Data Breach Impact Surpasses 20k People
On Sept. 1, 2025, MetroWest Community Federal Credit Union began receiving alerts about suspicious activity on certain systems within its network. It was determined that on Sept. 3, 2025, an unauthorized party had accessed specific systems and copied files without permission, exposing personally identifiable information (PII) of at least 7,573 residents in Massachusetts, 132 in Maine, and 65 in Rhode Island.
Nationwide, 20,722 people have been impacted, according to the Maine Attorney General disclosure.
The cybercriminal group known as Akira claimed responsibility for the attack, which they executed using ransomware and later publicized on the Tor network on Oct. 25, 2025.
The compromised data includes a wide range of personally identifiable information (PII): names, addresses, telephone numbers, Social Security numbers, full financial account numbers, debit card numbers and driver’s license numbers.
The attackers also claimed to have obtained client documents such as driver’s licenses, birth and death certificates, financial and accounting records, court case information and employee personal files.
MetroWest Community Federal Credit Union disclosed the data breach to the Massachusetts and Vermont (updated in March 2026) attorneys general offices starting on Dec. 29, 2025. Additionally, the company posted a notice of the incident to its website.
Impacted individuals have been notified by mail.
MetroWest Community Federal Credit Union's response
MetroWest Community Federal Credit Union responded to the breach by securing its systems and engaging cybersecurity experts to investigate the incident. The credit union is working with law enforcement and continues to review the affected data to determine the full scope of the breach. To support those impacted, MetroWest is offering complimentary access to Experian IdentityWorks for 24 months.
If you receive notification from MetroWest Community Federal Credit Union about this breach, you may want to:
- Sign up for the free Experian IdentityWorks identity theft protection services, offered by MetroWest Community Federal Credit Union.
- Monitor your credit reports and financial accounts for any unusual activity.
- Be alert for phishing emails or phone calls that may use your exposed information.
- Consider placing a fraud alert or credit freeze with major credit bureaus.
For affected individuals with questions, MetroWest Community Federal Credit Union has set up a call center at 833-918-1100, Monday through Friday, 8 a.m. to 8 p.m. CT.
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info- Affected information types not yet disclosed
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
Subscribe to our weekly class actions newsletter.
.svg)