FRAMINGHAM, Mass.— MetroWest Community Federal Credit Union has reported some of its members’ information has been exposed as the result of a data breach, according to a breach notice filed with the Maine Attorney General.
The notice states the $144.2-million CU identified a security incident involving possible unauthorized access to certain systems within its network, and that it has launched an internal investigation in response, including retaining cybersecurity specialists to determine the scope and nature of the incident.
The potentially compromised data may include personally identifying information, including names, Social Security numbers, financial information and other sensitive data.
The report submitted to the Maine Attorney General’s Office states that up to 20,722 individuals may be affected.
Suspicious Activity Flagged
According to MetroWest, on Sept. 1, 2025, it noticed suspicious activity on its network, and through a third party confirmed that unauthorized access and file copying occurred on Sept. 3.
The investigation revealed that the information compromised in the MetroWest Community Federal Credit Union data breach included names, addresses, financial account and payment card numbers, dates of birth, Social Security numbers, driver’s license numbers, and taxpayer IDs, the notice states.
Notification Letters Sent
The credit union said it mailed notification letters to those affected and posted details about the data breach on its website for those affected for whom it does not have addresses.
MetroWest had earlier announced plans to merge with St. Mary’s Credit Union of Marlborough, Mass. The merged entity will retain the St. Mary’s Credit Union name.
ClassAction.org is seeking plaintiffs for a potential case against the credit union.
