WILKES-BARRE, Penn.–Cross Valley Federal Credit Union is reporting a data security incident may have compromised the personal information of its more than 17,000 members.

The credit union said the incident took place in 2024. It has been sending notices to its membership alerting them to the issue and offering potential remedies.

According to the $246.5-million Cross Valley FCU, on Dec. 4, 2024 it identified suspicious activity within its network and learned that unauthorized access had occurred. CVFCU said external cybersecurity experts were engaged to investigate the incident’s nature and scope.

The investigation revealed that the unauthorized access may have compromised members’ sensitive data, including names, addresses and Social Security numbers. 

Several law firms have already filed notices seeking plaintiffs.

The announcement follows by one day news that another credit union had been breached.

Another Breach Announced

As the CU Daily reported here, Rockville, Md.-based Lafayette Federal Credit Union has filed a notice of data breach with the Attorney General of California after reporting it has discovered an unauthorized party gained access to an employee’s email account. 

In its notice, LFCU said the incident resulted in an unauthorized party being able to access consumers’ sensitive information and said that upon completing its investigation it began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident, according to JDSupra.com.