On or around August 9, 2024, AOD Federal Credit Union (AODFCU) discovered unauthorized access to its internal network. Upon detection, the credit union immediately secured its environment and launched a comprehensive investigation, enlisting external cybersecurity experts to assist. The investigation revealed on March 4, 2025, that an unauthorized actor had gained access to and possibly acquired sensitive files containing customers' personal data between August 8 and August 9, 2024.
The breach exposed personally identifiable information (PII) including names, Social Security numbers, driver's license numbers, and financial details such as account numbers, credit card numbers, and debit card numbers. Although there is currently no evidence indicating misuse of this information, the sensitive nature of the exposed data poses significant risks, including identity theft and financial fraud.
The breach impacted customers in multiple states, including 400 individuals in Texas, 42 individuals in Massachusetts, and 16 individuals in New Hampshire.
AOD Federal Credit Union notified state authorities about the data breach. The incident was reported to the Massachusetts Attorney General's office on March 27, 2025, the Texas Attorney General's office on March 28, 2025, the Vermont Attorney General's office on March 28, 2025, and the New Hampshire Attorney General's office on March 31, 2025.
AOD Federal Credit Union's official notification about the breach, including detailed information and recommended actions for affected individuals, can be found on the AODFCU website.
To support affected customers, AODFCU is providing complimentary access to Experian IdentityWorks Credit 3B, an identity protection service designed to detect potential misuse of personal information and assist in resolving identity theft issues. This service is offered free of charge for a limited time. Instructions for enrollment and activation are included in the notification letter sent via U.S. mail to affected individuals.
Additionally, AODFCU recommends affected customers take precautionary measures, including placing fraud alerts and security freezes on their credit files, obtaining free credit reports, and regularly reviewing financial statements and credit reports for suspicious activity.
Customers with further questions or concerns can contact the dedicated toll-free response line provided in the notification letter. This line is staffed by professionals familiar with the incident, available Monday through Friday, from 9:00 am to 9:00 pm Eastern Time, excluding major U.S. holidays.