SRP did not respond to a CU Times request for comment on Monday.

On Dec. 12, SRP reported to its members and state authorities what the credit union described as an “external system breach (hacking)” that affected 240,742 persons. Currently, SRP serves 194,166 members.

“We recently detected suspicious activity in our computer network. Upon discovering the incident, we immediately implemented our incident response protocols, notified law enforcement, and worked to secure our systems. We also engaged a forensic security firm to assist with our investigation and confirm the security of our computer systems,” SRP wrote in a Notice of Data Breach letter to its members.

The data breach was discovered on Nov. 22, according to the Data Breach Notification document filed with Maine’s Attorney General Office.

“The forensic investigation determined that an unknown, unauthorized third party accessed our computer systems at times from September 5, 2024, and November 4, 2024, and potentially acquired certain files from our network during that time,” the credit union stated. “The incident did not impact our online banking system or core processing system.”

This notification letter, however, did not mention that the external system breach was caused by a ransomware group.

SRP also notified the Texas State Attorney’s office about the data breach and reported that the hackers got unauthorized access to member information such as their names, Social Security numbers, driver’s license numbers, account numbers, credit or debit card numbers, and dates of birth.

Although SRP said it is not aware of any instances of fraud or identity theft involving member information that was compromised by the breach, the credit union offered its members a complimentary one-year membership to Experian ID theft protection and services, according to SRP data breach notification letter.

READ MORE: SRP FCU’s Notice of Data Breach and SRP FCU’s Notice of Data Breach Letter to members.