Ellafi FCU Hit by Ransomware Attack; PII on 17,000 Members May be Exposed

MERIDIAN, Conn. — Ellafi Federal Credit Union said a ransomware attack exposed the personal and financial information of more than 17,000 people, according to disclosures filed with Maine regulators.

The credit union said it detected a network disruption on Oct. 14, 2025, and launched an investigation with outside cybersecurity specialists. The review later determined that unauthorized actors had accessed the credit union’s systems and may have obtained certain files. By Nov. 20, Ellafi confirmed the files contained personal information belonging to members and customers, according to ClaimDepot.com. 

In a filing with the Maine Attorney General’s Office, Ellafi reported that 17,627 individuals nationwide were affected, including 40 Maine residents. Exposed information may have included names, Social Security numbers, credit card numbers and debit card numbers.

Ransomware Group Cited

ClaimDepot.com said the attack has been attributed to the Akira ransomware group, which publicly claimed responsibility on Nov. 3, 2025. In a posting on the Tor network, the group said it had obtained about 17 gigabytes of data. The materials allegedly included customer and employee records, W-9 forms, contracts, accounting and financial documents, human resources files and non-disclosure agreements, ClaimDepot.com added. 

Ellafi notified affected individuals electronically on Dec. 23, 2025, and formally disclosed the incident to regulators on Dec. 27.

In a statement, ClaimDepot.com said Ellafi reported it took immediate steps to contain the breach, including engaging cybersecurity experts, reviewing potentially affected files and implementing additional security measures. The credit union said it also notified the Federal Bureau of Investigation and is cooperating with any ongoing inquiries.

What Members are Being Offered

To assist those impacted, Ellafi is offering 12 months of complimentary identity protection services through IDX. The services include credit monitoring, dark web monitoring, a $1 million identity fraud loss reimbursement policy and fully managed identity theft recovery support. Eligible individuals have until March 23, 2026, to enroll.
