After an investigation and consultation with cybersecurity professionals, GNFCU determined that personal information of members might have been accessed by an unauthorized individual, according to a notification letter sent to its members.

Although GNFCU currently serves 10,532 members, the breach impacted 18,621 people, indicating that the breach affected current and former members.

Portions of GNFCU’s letter posted by the Maine Attorney General’s office were redacted, including details about the compromised personal information. Typically, this information includes names, addresses, birthdates, Social Security numbers, driver’s license numbers, debit and credit card numbers, PINs and other data used in fraudulent schemes.

In November 2024, SBCU discovered suspicious activity involving an employee’s email account, the credit union reported.

“On Jan. 7, 2025, following a thorough review, SBCU confirmed that a limited amount of personal information may have been accessed by an unauthorized party,” the credit union stated in its May 14 notification letter to its 19,744 members.

SBCU reported 7,479 individuals were affected. Although the notification letter said members’ first and last names were potentially compromised, the credit union did not list what other personal information of members may have been exposed.

"Please accept our apologies that this incident occurred,” SBCU said in the notification letter. “We are committed to maintaining the privacy of personal information and will continue to enhance our practices to safeguard it.”

Both credit unions stated they are unaware of any misuse of members’ information because of the breaches.

GNFCU and SBCU offered affected individuals complimentary access to credit monitoring and ID theft protection services.

Peter Strozniak can be reached at [email protected].