Fairmont Federal Credit Union 2023 Data Breach Impacted 187K People
A devastating data breach has left over 187,000 individuals vulnerable to identity theft after Fairmont Federal Credit Union (FFCU) revealed that a security breach exposed sensitive personal, financial, and medical information. The not-for-profit financial cooperative in West Virginia is urging affected members to remain vigilant despite the lack of reported fraud.
FFCU, which operates nine regional branches across the state, offers a range of services including personal and business loans, mortgages, checking accounts, and financial aid. The organization discovered the breach in January 2024 and launched an investigation that lasted until August 2025. According to FFCU, threat actors breached their systems between late September and mid-October 2023, stealing personal data.
The affected individuals' personal information includes full name, date of birth, address, Social Security number, U.S. Alien registration number, passport number, driver’s license or state ID number, military ID number, Tax ID number, non-U.S. national identification number, financial account number, routing number, financial institution name, credit card/debit card number, security code/PIN number, credit card/debit card expiration date, IRS PIN number, treatment information/diagnosis, prescription information, provider name, MRN/patient ID, Medicare/Medicaid number, health insurance policy/subscriber number, and other health insurance information.
However, the breach also exposed financial data such as card/debit card details. FFCU has assured members that no fraud has been reported yet, but it is advising individuals to stay vigilant and take necessary precautions to protect themselves.
Support for Affected Individuals
Starting September 11, 2025, FFCU began offering guidance, free credit reports, and credit monitoring services for customers whose Social Security numbers were exposed during the breach. The organization is also providing complimentary access to Experian IdentityWorksSM for 12 or 24 months to help affected individuals mitigate potential identity theft risks.
FFCU has emphasized its commitment to protecting member data and preventing identity fraud, stating: "If you believe there was fraudulent use of your information as a result of this incident and would like to discuss how you may be able to resolve those issues, please reach out to an Experian agent."
The Black Basta Ransomware Group Claimed Responsibility
FFCU has not disclosed technical details about the attack, but law enforcement agencies have identified the Black Basta ransomware group as responsible for the breach. The Black Basta ransomware-as-a-service (RaaS) has been active since April 2022 and has impacted numerous businesses and critical infrastructure entities across North America, Europe, and Australia.
According to the FBI, CISA, HHS, and MS-ISAC, the Black Basta group has targeted at least 12 critical infrastructure sectors, including Healthcare and Public Health. The organizations have issued a joint Cybersecurity Advisory (CSA) regarding the Black Basta ransomware activity as part of the StopRansomware initiative.
Internal Conflicts Exposed in Leaked Chat Logs
In February 2025, leaked chat logs revealed internal conflicts within the Black Basta gang, exposing member details and hacking tools. The incident highlights the ongoing challenges posed by ransomware groups and their impact on critical infrastructure and individual lives.
Stay Safe Online
As we navigate the complex world of cybersecurity, it is essential to prioritize online safety and take proactive measures to protect ourselves from potential threats like data breaches. By staying vigilant and taking necessary precautions, individuals can minimize the risks associated with such incidents.