Cross Valley Federal Breach Affects 17,826 People

On December 4, 2024, Cross Valley Federal Credit Union discovered suspicious activity on its network, indicating unauthorized access. Upon identifying the intrusion, the credit union immediately took steps to contain the breach and secure its network environment. Cross Valley Federal Credit Union then engaged external cybersecurity specialists to conduct a thorough investigation into the nature and extent of the incident.

The investigation confirmed that an unauthorized actor had gained access to sensitive personal information belonging to Cross Valley Federal Credit Union members. The compromised data included personally identifiable information (PII), specifically names, addresses, and Social Security numbers. Protected health information (PHI) was not reported as being involved in this breach.

In total, 17,826 individuals across the United States were impacted by this data breach. Among the affected individuals, two residents of Maine and eight residents of Massachusetts had their personal information exposed. The number of affected individuals in New Hampshire was not disclosed, as the relevant information was protected and unavailable for extraction.

Cross Valley Federal Credit Union formally notified affected consumers of the breach via written notices on March 13, 2025. Additionally, the credit union officially reported the breach to the Attorney General's offices in Maine, Massachusetts, Vermont, and New Hampshire on March 24, 2025.

Cross Valley Federal Credit Union's response

Cross Valley Federal Credit Union acted swiftly to address the data breach. Immediately following discovery, the credit union contained the intrusion and secured its network to prevent further unauthorized access.

To strengthen security and prevent similar incidents in the future, Cross Valley Federal Credit Union implemented several enhancements, including:

• Enhanced cybersecurity training for employees
• Additional verification steps for email links
• Sandboxing potential email threats to isolate and neutralize suspicious emails

Recognizing the seriousness of the breach, Cross Valley Federal Credit Union is offering affected members complimentary credit monitoring and identity theft protection services through CyberScout, a TransUnion company specializing in fraud assistance and remediation. These services include single-bureau credit monitoring, credit reports, credit scores, and proactive fraud assistance for a period of 12 months.

If you received a notification letter from Cross Valley Federal Credit Union, you are encouraged to enroll in these complimentary services as soon as possible. Enrollment instructions and a unique activation code are included in your notification letter. Additionally, Cross Valley Federal Credit Union recommends that all affected individuals remain vigilant by regularly reviewing account statements and monitoring credit reports for any suspicious or unauthorized activity.

If you have further questions or concerns about this incident, Cross Valley Federal Credit Union has provided a dedicated toll-free helpline at 1-833-799-3982, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Standard Time.

For more information on the company, visit the official Cross Valley Federal Credit Union website.