Pierluigi Paganini
September 15, 2025
Fairmont Federal Credit Union (FFCU) is a not-for-profit financial cooperative in West Virginia. It offers services like personal and business loans, mortgages, checking accounts, and financial aid, operating nine regional branches to serve its members.
Fairmont Federal Credit Union warned 187038 members that their data was stolen in a 2023 breach, exposing personal, financial, and medical details.
The organization discovered the security breach in January 2024 and investigated the incident until August 2025. The not-for-profit financial cooperative discovered that threat actors had already broken in months earlier, between late September and mid-October 2023, and stolen personal data.
“After an extensive investigation, we concluded on or about August 17, 2025 that one or more of the files accessed and/or acquired by the unauthorized party between September 30, 2023 and October 18, 2023 may contain personal information including, full name, date of birth, address, Social Security number, U.S. Alien registration number, passport number, driver’s license or state ID number, military ID number, Tax ID number, non-U.S. national identification number, financial account number, routing number, financial institution name, credit card/debit card number, security code/PIN number, credit card/debit card expiration date, IRS PIN number, treatment information/diagnosis, prescription information, provider name, MRN/patient ID, Medicare/Medicaid number, health insurance policy/subscriber number, other health insurance information, treatment cost information, full access credentials, security questions and answers, and digital signatures.” reads the data breach notification letter sent to the impacted individuals.
The exposed information varies for each individual, however in incident also exposed financial data such as card/debit card details.
FFCU says no fraud has been reported but recommends impacted individuals to stay vigilant. Starting Sept 11, 2025, the organization also offered guidance, free credit reports, and credit monitoring for those customers with exposed SSNs.
“To date, we are not aware of any reports of identity fraud as a direct result of this incident. Nevertheless, in response to the incident, we are offering complimentary access to Experian IdentityWorksSM for 12 or 24 months.” continues the Data Breach Notification sent to the Maine Attorney General. “If you believe there was fraudulent use of your information as a result of this incident and would like to discuss how you may be able to resolve those issues, please reach out to an Experian agent.”
FFCU did not share technical details about the attack, however the Black Basta ransomware group claimed responsibility for the security breach.
Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, it impacted several businesses and critical infrastructure entities across North America, Europe, and Australia. As of May 2024, Black Basta has impacted over 500 organizations worldwide.
In May 2024, the FBI, CISA, HHS, and MS-ISAC issued a joint Cybersecurity Advisory (CSA) regarding the Black Basta ransomware activity as part of the StopRansomware initiative.
Black Basta has targeted at least 12 critical infrastructure sectors, including Healthcare and Public Health. The alert provides Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) obtained from law enforcement investigations and reports from third-party security firms.
In February 2025, leaked Black Basta chat logs reveal internal conflicts, exposing member details and hacking tools as the gang reportedly falls apart.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Fairmont Federal Credit Union)
Data Breach / September 15, 2025
