Data Breaches Hit Credit Unions in Maryland & Pennsylvania

The personal information of more than 93,000 persons may have been compromised.

By Peter Strozniak | March 24, 2025 at 04:18 PM

Credit unions in Maryland and Pennsylvania have recently reported data breaches that may have affected more than 93,000 individuals and potentially exposed their personal information.

The $1.9 billion, 57,462-member Lafayette Federal Credit Union (LFCU) in Rockville, Md., reported that the personally identifiable information (PII) of 75,545 people may have been compromised after an unauthorized third party gained access to one LFCU employee’s email account, according to the credit union’s public filing with the Maine Attorney General’s office on March 20.

Recommended For You

On March 13, the $246 million, 17,243-member Cross Valley Federal Credit Union (CVFCU) in Wilkes-Barre, Pa., disclosed that the personal information of 17,286 individuals may have been compromised following the discovery of suspicious activity on its network, according to a separate public filing with the Maine Attorney General’s office.

At LFCU, the breach occurred on Sept. 16, 2024, but wasn’t discovered until Feb. 5, 2025. After learning of the breach involving the email account, the credit union took immediate steps to contain it, and hired a forensic security firm to confirm the security of its email system and investigate the incident.

The investigation determined that the unauthorized third party accessed the employee’s email account for a “brief period” on Sept. 16, according to the credit union’s filing.

At CVFCU, suspicious activity on its network was discovered on Dec. 4, 2024.

After taking immediate steps to contain the suspected intrusion, the credit union hired a forensic investigator, who determined that some member data may have been compromised by an unauthorized third party.

Both LFCU and CVFCU have implemented additional security enhancements to reduce the risk of similar incidents occurring in the future.

Both credit unions also stated there is currently no evidence suggesting that member information has been misused for fraud or identity theft. Nonetheless, as a precautionary measure, both institutions have offered affected members one year of complimentary identity theft protection services.

READ MORE: Lafayette Credit Union and Cross Valley Federal Credit Union Data Breach Notices.

Peter Strozniak can be reached at [email protected]

NOT FOR REPRINT

Credit Union Times reporter covering credit union operations, fraud, M&As, leagues, business continuity, and breaking news.

1 NCUA Holds Two Closed Meetings About Personnel, Cancels March Board Meeting

2 Floridacentral Credit Union Settles Member Data Breach Class Action Lawsuit

3 CUs Bracing for Impact From SBA's Cutting 42% of Workforce

4 Former Indiana Credit Union CEO Faces Bank Fraud Charges

5 GOP List Includes Eliminating Credit Union Tax Exemption

GlobeSt. Multifamily Spring 2025
April 01, 2025 - New York

Join the industry's top owners, investors, developers, brokers & financiers at THE MULTIFAMILY EVENT OF THE YEAR!
More Information
GlobeSt. Net Lease Spring 2025
April 01, 2025 - New York

This conference brings together the industry's most influential & knowledgeable real estate executives from the net lease sector.
More Information
Consulting
The Rising Stars of the Profession 2025
April 03, 2025 - Chicago

Consulting magazine is proud to recognize this unique group of movers & shakers at our annual Rising Stars of Profession awards.
More Information